The EFM ipTIME C200 IP Camera is affected by a command injection vulnerability in the /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via a cookie value.
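For defenders who front these cameras with a proxy, the following added example (not part of the original write-up) flags GET requests to /login.cgi?logout=1 whose Cookie header carries anything other than plain name=value tokens. The JSON log format, the cookie name `sid`, the sample records and the allowlist of cookie characters are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate cookies are simple name=value tokens (allowlist).
SAFE_PAIR = re.compile(r"^[A-Za-z0-9_.-]+=[A-Za-z0-9_.%+/=-]*$")
# Shell metacharacters checked again after URL-decoding the pair.
SHELL_META = re.compile(r"[;&|`<>\s\\]|\$[({]")

def bad_cookie_parts(cookie_header):
    """Return cookie pairs that break the allowlist or decode to shell syntax."""
    bad = []
    for part in cookie_header.split(";"):
        part = part.strip()
        if not part:
            continue
        if not SAFE_PAIR.match(part) or SHELL_META.search(unquote(part)):
            bad.append(part)
    return bad

def is_logout_request(request_line):
    """True for GET /login.cgi with logout=1, the endpoint named in the advisory."""
    fields = request_line.split()
    if len(fields) < 2 or fields[0] != "GET":
        return False
    url = urlsplit(fields[1])
    return url.path == "/login.cgi" and parse_qs(url.query).get("logout") == ["1"]

def scan(lines):
    """Return (source, offending cookie pairs) for each suspicious logout request."""
    alerts = []
    for line in lines:
        rec = json.loads(line)
        if not is_logout_request(rec["request"]):
            continue
        bad = bad_cookie_parts(rec.get("cookie", ""))
        if bad:
            alerts.append((rec["src"], bad))
    return alerts

# Constructed sample records (documentation IP ranges, CMD is a placeholder).
SAMPLE_LOG = [
    '{"src": "192.0.2.10", "request": "GET /login.cgi?logout=1 HTTP/1.1", "cookie": "sid=3f9a1c77"}',
    '{"src": "198.51.100.7", "request": "GET /login.cgi?logout=1 HTTP/1.1", "cookie": "sid=`CMD`"}',
    '{"src": "198.51.100.7", "request": "GET /login.cgi?logout=1 HTTP/1.1", "cookie": "sid=ab%24%28CMD%29"}',
    '{"src": "203.0.113.5", "request": "GET /index.html HTTP/1.1", "cookie": "sid=$(CMD)"}',
]
```

Calling `scan(SAMPLE_LOG)` returns the two logout requests from 198.51.100.7; the last record is ignored because it does not target the logout path.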
shodan:
html:LS_CAMINFO_MODEL
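Affected device version
v1.0.12
Obtaining the firmware
Vulnerability analysis
From the vulnerability description we know the flaw is in login.cgi. Open login.cgi in IDA, search for the string "logout", and follow its cross-references: only the main function references the string "logout". Focus on the location shown in the figure below.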
