Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
Title: Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
Advisory ID: ZSL-2019-5532
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 08.09.2019
7brid DVR (HD3-16V2, DX3-16V2/08V2/04V2, MX3-08V2/04V2)
Firmware: <=8.0 (000143)
Boa/0.94.14rc21
[2] https://packetstormsecurity.com/files/154417
[3] https://cxsecurity.com/issue/WLB-2019090065
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/166805
[17.09.2019] - Added reference [1], [2], [3] and [4]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2019-5532
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 08.09.2019
Summary
Rifatron with its roots in Seoul, Korea has been supplying and servicing the security market as a leading CCTV/video surveillance security system manufacturer, specializing in stand-alone digital video recorder since 1998. We are known for marking the first standalone DVR with audio detection and 480 frames per secone(fps) and have been focusing on highend products and large projects in a variety applications and merket. These include government and public services, banking and finance, hotels and entertatinment, retail education, industrial and commercial sectors throughout Europe, Middle East, the U.S. and Asia. Based on the accumulated know-how in the security industry, Rifatron is trying its utmost for the technology development and customer satisfaction to be the best security solution company in the world.Description
The DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.Vendor
Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. - http://www.rifatron.comAffected Version
5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504)7brid DVR (HD3-16V2, DX3-16V2/08V2/04V2, MX3-08V2/04V2)
Firmware: <=8.0 (000143)
Tested On
Embedded LinuxBoa/0.94.14rc21
Vendor Status
N/APoC
idss_stream.shCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://www.exploit-db.com/exploits/47368[2] https://packetstormsecurity.com/files/154417
[3] https://cxsecurity.com/issue/WLB-2019090065
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/166805
Changelog
[08.09.2019] - Initial release[17.09.2019] - Added reference [1], [2], [3] and [4]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk