[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] HD Pan/Tilt Wi-Fi Camera NC450 Hard-Coded Credential Vulnerability


The NC450 is your favorable companion that meets to home and office
surveillance needs, keeping you in touch with what matters most. With its
smooth and durable Pan/Tilt of up to 300/110 degrees, you can turn the
camera to almost any position you want and watch over a wider area of your

HD Pan/Tilt Wi-Fi Camera NC450 contain hard-coded credentials within its
Linux distribution image. This credentials (root:root) cannot be changed
through any normal operation of the camera.


TP-LINK Technologies Co., Ltd. - http://www.tp-link.us

*Affected Version:*

NC450 1.5.0 Build 181022 Rel.3A033D

*Vendor Status*


*Proof Of Concept:*

[oit@ubuntu] [10:34]
> grep -iRn "root:" .
Binary file ./fs_1/bin/pppd matches

root@kali:~# cat hash.me
root:$1$gt7/dy0B$6hipR95uckYG1cQPXJB.H.:0:0:Linux User,,,:/home/root:/bin/sh
root@kali:~# john hash.me --show
root:root:0:0:Linux User,,,:/home/root:/bin/sh

1 password hash cracked, 0 left


Sachin Wagh (@tiger_tigerboy)



Best Regards,

*Sachin Wagh*
Security Researcher

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/