bitfu/sricam-gsoap2.8-dos-exploit

sricam-gsoap2.8-dos-exploit

[Sricam gSOAP2.8 DoS exploit proof of concept]

Proof of Concept code: Sricam_gSOAP_PoC_exploit.sh

CVE-2019-6973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6973

Thanks to the CVE Assignment Team for their help structuring the following:

[Description]
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.


[Additional Information]
Sricam IP CCTV cameras are vulnerable to denial of service with reliably predictable downtime, exploitable by sending multiple incomplete HTTP requests.

I have spoken with Sricam, who said they do not support this. I have also spoken to gSOAP techs, and the camera is vulnerable because Sricam have configured their cameras to use an iterative web server with a long timeout of 20 seconds. gSOAP recommend using a threaded web server with a maximum timeout of 5 seconds.


[Vulnerability Type]
Denial of Service


[Vendor of Product]
Sricam


[Affected Product Code Base]
Sricam gSOAP 2.8 - 2.8


[Affected Component]
Sricam IP CCTV Camera gSOAP 2.8 webserver


[Attack Type]
Remote


[Impact Denial of Service]
True


[Attack Vectors]
Send an incomplete HTTP request. For each request, the Sricam implementation of the gSOAP web server will wait 20 seconds before responding, but the camera will still accept more incoming connections and queue them. This condition can be exploited to reliably cause denial of service.
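
The queueing behaviour described above and the gSOAP recommendation under [Additional Information] can be compared with a small offline model. This is an added example, not code from this repository or from gSOAP: it opens no network connections, and the handler pool size of 8, the 0.05 s service time and the function names are assumptions.

```python
import heapq

def finish_times(arrivals, workers, recv_timeout, service_time=0.05):
    """Finish time of each connection on a FIFO server with `workers` handlers.

    arrivals: (arrival_time, stalled) tuples sorted by arrival time. A stalled
    connection never completes its request, so it holds a handler until
    recv_timeout expires; a complete request takes service_time (assumed).
    """
    free_at = [0.0] * workers          # min-heap: when each handler is next idle
    finished = []
    for arrived, stalled in arrivals:
        start = max(arrived, heapq.heappop(free_at))
        end = start + (recv_timeout if stalled else service_time)
        heapq.heappush(free_at, end)
        finished.append(end)
    return finished

def legit_latency(stalled_count, workers, recv_timeout, legit_arrival=1.0):
    """Seconds a complete request waits when it arrives behind stalled ones."""
    arrivals = [(0.0, True)] * stalled_count + [(legit_arrival, False)]
    return finish_times(arrivals, workers, recv_timeout)[-1] - legit_arrival

if __name__ == "__main__":
    # Constructed scenarios: 20 s iterative is the page's reported configuration;
    # 5 s threaded follows the gSOAP recommendation; pool of 8 is an assumption.
    for label, n, workers, timeout in [
        ("iterative, 20 s timeout", 5, 1, 20),
        ("threaded x8, 5 s timeout", 5, 8, 5),
        ("threaded x8, 5 s timeout", 16, 8, 5),
    ]:
        print(f"{label}: {n} stalled -> {legit_latency(n, workers, timeout):.2f} s")
```

In the third scenario a bounded pool still queues once every handler is held, which is why the short timeout matters as well as threading.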


[Reference]
https://github.com/bitfu/sricam-gsoap2.8-dos-exploit


[Discoverer]
Andrew Watson
Contact: https://keybase.io/bitfu
