module
Axis IP Camera Application Upload
| Disclosed |
|---|
| Apr 12, 2018 |
Disclosed
Apr 12, 2018
Description
This module exploits the "Apps" feature in Axis IP cameras. The feature allows third party
developers to upload and execute 'eap' applications on the device. The system does not validate
the application comes from a trusted source, so a malicious attacker can upload and execute
arbitrary code. The issue has no CVE, although the technique was made public in 2018.
This module uploads and executes stageless meterpreter as `root`. Uploading the application
requires valid credentials. The default administrator credentials used to be `root:root` but
newer firmware versions force users to provide a new password for the `root` user.
The module was tested on an Axis M3044-V using the latest firmware (9.80.3.8: December 2021).
Although all modules that support the "Apps" feature are presumed to be vulnerable.
developers to upload and execute 'eap' applications on the device. The system does not validate
the application comes from a trusted source, so a malicious attacker can upload and execute
arbitrary code. The issue has no CVE, although the technique was made public in 2018.
This module uploads and executes stageless meterpreter as `root`. Uploading the application
requires valid credentials. The default administrator credentials used to be `root:root` but
newer firmware versions force users to provide a new password for the `root` user.
The module was tested on an Axis M3044-V using the latest firmware (9.80.3.8: December 2021).
Although all modules that support the "Apps" feature are presumed to be vulnerable.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.