Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Brickcom is a network video manufacturer in the IP surveillance industry.
Multiple vulnerabilities have been reported in several Brickcom devices:
CVE-2017-9238: Information Disclosure Vulnerability.
CVE-2017-9237: Hard-Coded Cryptographic keys.
CVE-2017-9236: Use of Undocumented Account.
CVE-2017-9234: Cross-Site Request Forgery vulnerability.
CVE-2017-9235: Credentials Management Issue.
Affected Versions:
Firmware version 3.7.0.2aR running on all v6 cameras (except OB-E200Nf, VD-E200Nf, Hydra Camera). Other versions may also be affected.
QID Detection Logic (Remote):
This QID checks for the device information by directly accessing the configfile.dump file.
Impact
An unauthenticated, remote attacker could exploit these vulnerabilities to obtain unauthorized access to the targeted system.
Solution
The vendor has not confirmed the vulnerability and no patch information is available at this time.
Workaround:
Administrators are advised to allow only trusted users to have network access.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to monitor affected systems.