Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 Weak Hashing / Disclosure
[Suggested description]
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.
A local attacker with the “default” account is capable of reading the
/etc/passwd file, which contains a weakly hashed root password.
By taking this hash and cracking it, the attacker
can obtain root rights on the device.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Sannce
------------------------------------------
[Affected Product Code Base]
Sannce Smart HD Wifi Security Camera – EAN nr: 2 950004 595317
------------------------------------------
[Affected Component]
Root user through file /etc/passwd
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Attack Vectors]
To exploit the vulnerability, someone must be able to get local
presence on the device, e.g. through command injection or by using the
telnet interface as a low-privileged user.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
------------------------------------------
[Reference]
https://www.sannce.com
------------------------------------------
Use CVE-2019-20466.
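
A firmware reviewer can check for the condition in the description above (a crackable password hash stored in the world-readable /etc/passwd instead of a restricted shadow file) with a short audit of the file's contents. This is an added example, not code from the advisory or the vendor; the advisory does not name the hash scheme, so the classifier covers the common crypt(3) formats, and the function names and sample entries are constructed for illustration.

```python
import re

# crypt(3) formats recognised by prefix/shape; weak=True means cheap to brute-force offline.
SCHEMES = [
    (re.compile(r"^\$1\$"), "md5crypt", True),
    (re.compile(r"^\$2[abxy]\$"), "bcrypt", False),
    (re.compile(r"^\$5\$"), "sha256crypt", False),
    (re.compile(r"^\$6\$"), "sha512crypt", False),
    (re.compile(r"^\$y\$"), "yescrypt", False),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "descrypt", True),
]
NO_HASH = {"x", "*", "!", "!!"}  # shadowed or locked: nothing to crack in this file

def classify(pw_field):
    """Return (scheme_name, is_weak) for a passwd/shadow password field."""
    for pattern, name, weak in SCHEMES:
        if pattern.search(pw_field):
            return name, weak
    return "unknown", True  # unrecognised format: treat as weak until reviewed

def audit_passwd(text):
    """Report accounts whose credential material sits in the world-readable passwd file."""
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line
        user, pw, uid = fields[0], fields[1], fields[2]
        if pw in NO_HASH:
            continue
        if pw == "":
            scheme, weak = "empty", True  # login without any password
        else:
            scheme, weak = classify(pw.lstrip("!"))  # a locked entry still exposes its hash
        findings.append({"user": user, "root": uid == "0", "scheme": scheme, "weak": weak})
    # uid 0 with a weak scheme first: that is the escalation path in this advisory
    return sorted(findings, key=lambda f: (not f["root"], not f["weak"], f["user"]))

# Constructed sample; the hash strings are placeholders, not values from a device.
SAMPLE = """\
root:AAbbCCddEEff.:0:0:root:/root:/bin/sh
default:x:1000:1000::/home/default:/bin/sh
svc:$6$CONSTRUCTED$placeholderplaceholder:1001:1001::/home/svc:/bin/false
"""

if __name__ == "__main__":
    for f in audit_passwd(SAMPLE):
        print(f)
```

Any finding means credential material is readable by every local account; a uid 0 entry flagged weak is the case this advisory describes.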