Axis IP Camera Application Upload
Description
This module exploits the "Apps" feature in Axis IP cameras. The feature allows third party developers to upload and execute 'eap' applications on the device. The system does not validate the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary code. The issue has no CVE, although the technique was made public in 2018. This module uploads and executes stageless meterpreter as `root`. Uploading the application requires valid credentials. The default administrator credentials used to be `root:root` but newer firmware versions force users to provide a new password for the `root` user. The module was tested on an Axis M3044-V using the latest firmware (9.80.3.8: December 2021). Although all modules that support the "Apps" feature are presumed to be vulnerable.
Author(s)
- jbaines-r7
Platform
Linux
Architectures
armle
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/linux/http/axis_app_install
msf exploit(axis_app_install) > show targets
...targets...
msf exploit(axis_app_install) > set TARGET < target-id >
msf exploit(axis_app_install) > show options
...show and set options...
msf exploit(axis_app_install) > exploit
- Collect and share all the information you need to conduct a successful and efficient penetration test
- Simulate complex attacks against your systems and users
- Test your defenses to make sure they’re ready
- Automate Every Step of Your Penetration Test
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security