Praetorian503 Posted February 6, 2013 Report Share Posted February 6, 2013 Lorex LNC116 and LNC104 IP cameras only perform basic authentication on the main login page. If you perform direct browsing to any other interface, you are not forcibly authenticated.Product: Lorex LNC116 and LNC104 IP CamerasVendor: LOREX Technology Inc.Vulnerability Type: Authentication BypassVulnerable Firmware Version(s): 030312 and earlierTested Firmware Version: 030312Fixed Firmware Version: 030405Solution Status: Fixed by VendorVendor Notification: December 22, 2012 Public Disclosure: February 5, 2013CVE Reference: CVE-2012-6451Credit: Jason Doyle / Twitter @jasond0yleAdvisory Details:The camera’s web interface uses HTTP Basic for authentication, but authentication details are only validated on the home login page. By forced browsing, or navigating directly to any valid URL on the web interface other than the homepage, it is possible to bypass authentication.Risk:It's possible to view the live video feed and/or change all configurable settings anonymously.Proof of Concept:Navigate directly to http://x.x.x.x/cgi-bin/display.cgi to view the camera’s live video feed anonymously.Solution:Upgrade to firmware version 030405.Source: PacketStorm Quote Link to comment Share on other sites More sharing options...