← Advisories

MOBOTIX Video Security Cameras CSRF Add Admin Exploit

Medium

Advisory ID

ZSL-2016-5312

Release Date

30 March 2016

Vendor

MOBOTIX AG - https://www.mobotix.com

Affected Version

[Model]: D22M-Secure, [HW]: T2r1.1.AA, 520 MHz, 128 MByte RAM, [SW]: MX-V3.5.2.23.r3, [Model]: Q24M-Secure, [HW]: T2r3.1, 806 MHz, [SW]: MX-V4.1.10.28, [Model]: D14D-Secure, [HW]: T2r4.2b, 806 MHz, 256 MByte RAM, [SW]: MX-V4.1.4.70, [Model]: M15D-Secure, [HW]: T3r4.4, 806 MHz, [SW]: MX-V4.3.4.50

CVE

N/A

Tested On

Linux 2.6.37.6+, thttpd/2.19-MX

Summary

MOBOTIX is a German System Manufacturer of Professional Video Management (VMS) and Smart IP Cameras. These cameras support all standard features of MOBOTIX IP cameras like automatic object detection, messaging via network and onboard or network recording. The dual lens thermal system supports additionally a second optical video sensor with 6-megapixel resolution.

Description

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Proof of Concept

mobotix_csrf.htmlTXT

Disclosure Timeline

25.02.2016Vulnerability discovered.

25.02.2016Vendor contacted.

26.02.2016Vendor responds asking more details.

26.02.2016Sent details to the vendor.

01.03.2016Asked vendor for status update.

02.03.2016Vendor currently evaluating the issue.

10.03.2016Asked vendor for status update.

15.03.2016No response from the vendor.

16.03.2016Asked vendor for status update.