Title: Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
Advisory ID: ZSL-2019-5532
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 08.09.2019

Summary

Rifatron with its roots in Seoul, Korea has been supplying and servicing the security market as a leading CCTV/video surveillance security system manufacturer, specializing in stand-alone digital video recorder since 1998. We are known for marking the first standalone DVR with audio detection and 480 frames per secone(fps) and have been focusing on highend products and large projects in a variety applications and merket. These include government and public services, banking and finance, hotels and entertatinment, retail education, industrial and commercial sectors throughout Europe, Middle East, the U.S. and Asia. Based on the accumulated know-how in the security industry, Rifatron is trying its utmost for the technology development and customer satisfaction to be the best security solution company in the world.

Description

The DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.

Vendor

Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. - http://www.rifatron.com

Affected Version

5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504)
7brid DVR (HD3-16V2, DX3-16V2/08V2/04V2, MX3-08V2/04V2)
Firmware: <=8.0 (000143)

Tested On

Embedded Linux
Boa/0.94.14rc21

Vendor Status

N/A

PoC

idss_stream.sh

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://www.exploit-db.com/exploits/47368
[2] https://packetstormsecurity.com/files/154417
[3] https://cxsecurity.com/issue/WLB-2019090065
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/166805

Changelog

[08.09.2019] - Initial release
[17.09.2019] - Added reference [1], [2], [3] and [4]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk