Zero Science Lab » Teradek Slice 7.3.15 (snapshot.cgi) Stream Disclosure

Teradek Slice 7.3.15 (snapshot.cgi) Stream Disclosure

Title: Teradek Slice 7.3.15 (snapshot.cgi) Stream Disclosure
Advisory ID: ZSL-2018-5466
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 21.05.2018

Summary

Built on the award-winning Cube platform, Slice is a rack mount HEVC / H.264 codec designed to fit seamlessly into your broadcast studio. Like the Cube, Slice encoders and decoders includes 3G-SDI and HDMI I/O, Ethernet and WiFi connectivity, and full duplex IFB.

Description

Slice suffers from an unauthenticated and unauthorized live stream disclosure when snapshot.cgi script is called.

Vendor

Teradek, LLC - https://www.teradek.com

Affected Version

Firmware Version:7.3.15 (build 31735)
Hardware Version: 2.1

Tested On

lighttpd/1.4.48
lighttpd/1.4.31

Vendor Status

[02.03.2018] Vulnerability discovered.
[08.05.2018] Vendor contacted.
[08.05.2018] Vendor replied asking more details.
[08.05.2018] Sent details to the vendor.
[10.05.2018] Asked vendor for status update.
[13.05.2018] No response from the vendor.
[14.05.2018] Asked vendor for status update.
[20.05.2018] No response from the vendor.
[21.05.2018] Public security advisory released.

PoC

teradek_slice_stream.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://packetstormsecurity.com/files/147794
[2] https://cxsecurity.com/issue/WLB-2018050175
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/143722

Changelog

[21.05.2018] - Initial release
[29.05.2018] - Added reference [1], [2] and [3]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk