COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure

Title: COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure
Advisory ID: ZSL-2021-5667
Type: Local/Remote
Impact: System Access, Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 15.08.2021
Summary
COMMAX offers a wide range of proven AHD CCTV systems to meet customer needs and convenience in single or multi-family homes.
Description
The web control panel ships with a weak set of default administrative credentials that can be easily guessed in remote password-guessing attacks, giving an attacker access to the device's RTSP video stream.
Vendor
COMMAX Co., Ltd. - https://www.commax.com
Affected Version
CVD-AH04 DVR 4.4.1
CVD-AF04 DVR 4.4.1
CVD-AH16 DVR 5.1.4
CVD-AF16 DVR 4.4.1
CVD-AF08 DVR 5.1.2
CVD-AH08 DVR 5.1.2
Tested On
Boa/0.94.14rc19
Vendor Status
[02.08.2021] Vulnerability discovered.
[03.08.2021] Vendor contacted.
[04.08.2021] Vendor contacted.
[05.08.2021] No response from the vendor.
[06.08.2021] Vendor contacted.
[14.08.2021] No response from the vendor.
[15.08.2021] Public security advisory released.
PoC
commax_dvrcreds.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://packetstormsecurity.com/files/163853
[2] https://www.exploit-db.com/exploits/50210
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/207572
Changelog
[15.08.2021] - Initial release
[23.08.2021] - Added references [1], [2] and [3]
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk