CVE-2019-25246 Scanner

CVE-2019-25246 Scanner - Arbitrary File Disclosure vulnerability in BEWARD N100 H.264 VGA IP Camera

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 26 days 11 hours
Scan only one: URL


The BEWARD N100 H.264 VGA IP Camera is a security device utilized by businesses and homeowners for surveillance purposes. It allows users to monitor real-time video feeds through a network connection. The camera is mostly used by security personnel and IT managers who need to ensure constant surveillance. This device is popular for its high-resolution video output, contributing to enhanced security measures. BEWARD's IP cameras are integrated with digital video recording systems for proper documentation of all events. Finally, the camera's accessibility over a network makes it suitable for use in remote surveillance setups.

There is a vulnerability in the BEWARD N100 H.264 VGA IP Camera allowing for arbitrary file disclosure. This vulnerability stems from improper validation of file path parameters resulting in unauthorized access to system files. An authenticated attacker could exploit this vulnerability to view sensitive information stored within the camera's filesystem. This disclosure of critical data may lead to heightened security risks if exploited. Such vulnerabilities are typically marked by a failure to adhere to secure input validation practices. The vulnerability specifically affects the fileread script and SendCGICMD API.

This vulnerability occurs due to insecure handling of the 'READ.filePath' parameter within the device's CGI scripts. Files are requested from the camera with the HTTP GET method. The endpoint vulnerable to arbitrary file disclosure is '{{BaseURL}}/cgi-bin/operator/fileread'. It does not properly validate the 'READ.filePath' parameter, allowing attackers to traverse directories and access sensitive files like '/etc/passwd'. The authentication required is minimal, and attackers can use basic authorization to gain access. The scanner confirms successful file access with regular-expression and status checks on the response.
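A defender-side check for the request pattern described above, as an added example that is not part of the original page or of the scanner: it reads reverse-proxy access-log lines and flags fileread requests whose READ.filePath contains a traversal segment or resolves into a system directory. The Combined Log Format, the SENSITIVE prefix list and the sample log lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/cgi-bin/operator/fileread"      # endpoint named on the page
PARAM = "READ.filePath"                      # parameter named on the page
SENSITIVE = ("/etc/", "/proc/", "/root/")    # assumption: never needed by clients
# Assumption: the proxy in front of the camera writes Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so an encoded path cannot slip past."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def inspect(line):
    """Return a finding dict for a suspicious fileread request, else None."""
    m = LOG_RE.match(line)
    url = urlsplit(m["target"]) if m else None
    if url is None or url.path != ENDPOINT:
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        path = decode_fully(raw)
        reasons = []
        if ".." in path.split("/"):
            reasons.append("traversal")
        if (normpath("/" + path.lstrip("/")) + "/").startswith(SENSITIVE):
            reasons.append("system-path")
        if reasons:
            return {"src": m["src"], "user": m["user"], "path": path,
                    "reasons": reasons, "served": m["status"] == "200"}
    return None

# Constructed sample log lines (documentation IP ranges, not real traffic).
LOG = '{} - {} [01/Jan/2024:10:00:00 +0000] "GET {} HTTP/1.1" {} 512'
SAMPLE = [
    LOG.format("192.0.2.10", "operator", ENDPOINT + "?READ.filePath=/etc/passwd", 200),
    LOG.format("198.51.100.7", "-", ENDPOINT + "?READ.filePath=..%2F..%2Fetc%2Fpasswd", 401),
    LOG.format("198.51.100.7", "-", "/index.html", 200),
    LOG.format("192.0.2.10", "operator", ENDPOINT + "?READ.filePath=/mnt/media/clip.avi", 200),
]
for finding in filter(None, map(inspect, SAMPLE)):
    print(finding)
```

A finding with "served" set to True means the device answered 200 for that path, so the file should be treated as disclosed and any credentials in it rotated.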

If exploited, this vulnerability could lead to significant security issues, including unauthorized access to sensitive information. Attackers might retrieve critical files, potentially leading to exposure of usernames, hashed passwords or configuration data. Such access can facilitate further attacks on the internal network, increasing overall risk. Disclosure of sensitive system files could also cause reputational damage and violate data protection regulations. The ability to read files without authorization might also allow attackers to gather information for spear-phishing or other targeted attacks.
