Jump to content
Praetorian503

Lorex LNC116 / LNC104 IP Camera Authentication Bypass

Recommended Posts

Posted

Lorex LNC116 and LNC104 IP cameras only perform basic authentication on the main login page. If you perform direct browsing to any other interface, you are not forcibly authenticated.

Product: Lorex LNC116 and LNC104 IP Cameras
Vendor: LOREX Technology Inc.
Vulnerability Type: Authentication Bypass
Vulnerable Firmware Version(s): 030312 and earlier
Tested Firmware Version: 030312
Fixed Firmware Version: 030405
Solution Status: Fixed by Vendor
Vendor Notification: December 22, 2012
Public Disclosure: February 5, 2013
CVE Reference: CVE-2012-6451
Credit: Jason Doyle / Twitter @jasond0yle

Advisory Details:
The camera’s web interface uses HTTP Basic for authentication, but authentication details are only validated on the

home login page. By forced browsing, or navigating directly to any valid URL on the web interface other than the

homepage, it is possible to bypass authentication.

Risk:
It's possible to view the live video feed and/or change all configurable settings anonymously.

Proof of Concept:
Navigate directly to http://x.x.x.x/cgi-bin/display.cgi to view the camera’s live video feed anonymously.

Solution:
Upgrade to firmware version 030405.

Source: PacketStorm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...