çReal
example: Axis 2100 IP cameras [link]
¼Tested
on firmware <= 2.43
çAttacker sends malformed HTTP request to the camera’s web
server (no password is required by the attacker)
çWhen
admin visits logs page the payload could:
¼Add a
new admin backdoor account
¼Steal
passwords file
¼Hijack
video stream