
bitfu/sricam-gsoap2.8-dos-exploit


sricam-gsoap2.8-dos-exploit

[Sricam gSOAP2.8 DoS exploit proof of concept]

Proof of Concept code: Sricam_gSOAP_PoC_exploit.sh

CVE-2019-6973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6973

Thanks to the CVE Assignment Team for their help structuring the following:

[Description]
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.


[Additional Information]
Sricam IP CCTV cameras are vulnerable to denial of service with reliably predictable downtime, exploitable by sending multiple incomplete HTTP requests.

I have spoken with Sricam, who said they do not support this. I have also spoken to gSOAP techs, and the camera is vulnerable because Sricam have configured their cameras to use an iterative web server with a long timeout of 20 seconds. gSOAP recommend using a threaded web server with a maximum timeout of 5 seconds.


[Vulnerability Type]
Denial of Service


[Vendor of Product]
Sricam


[Affected Product Code Base]
Sricam gSOAP 2.8 - 2.8


[Affected Component]
Sricam IP CCTV Camera gSOAP 2.8 webserver


[Attack Type]
Remote


[Impact Denial of Service]
True


[Attack Vectors]
Send an incomplete HTTP request. For each request the Sricam implementation of the gSOAP web server will wait 20 seconds before responding, but the camera will still accept more incoming connections and queue them. This condition can be exploited in order to reliably cause denial of service.


[Reference]
https://github.com/bitfu/sricam-gsoap2.8-dos-exploit


[Discoverer]
Andrew Watson
Contact: https://keybase.io/bitfu
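
The timeout half of the gSOAP recommendation under [Additional Information], shown as an added example in plain POSIX C; it is not code from this repository, from Sricam or from gSOAP. It goes slightly beyond a per-read timeout by applying one deadline to the whole request header; the names `read_headers` and `classify`, the sample requests and the 500 ms deadline are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* clock_gettime, poll */
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Returns 0 once the header terminator "\r\n\r\n" has arrived; -1 if the peer
 * closed, errored, overflowed the buffer, or missed the overall deadline.
 * The deadline covers the whole header, so a stalled client cannot extend it. */
int read_headers(int fd, char *buf, size_t cap, int deadline_ms) {
    size_t len = 0;
    long end = now_ms() + deadline_ms;
    while (len + 1 < cap) {
        long left = end - now_ms();
        if (left <= 0) return -1;                   /* deadline spent */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (poll(&p, 1, (int)left) <= 0) return -1; /* timeout or error */
        ssize_t n = recv(fd, buf + len, cap - 1 - len, 0);
        if (n <= 0) return -1;                      /* closed or error */
        len += (size_t)n;
        buf[len] = '\0';
        if (strstr(buf, "\r\n\r\n")) return 0;      /* request complete */
    }
    return -1;                                      /* headers too large */
}

/* Constructed harness: feed one request through a local socketpair and
 * report how read_headers() classified it. */
int classify(const char *req, int deadline_ms) {
    int sv[2]; char buf[512];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -2;
    send(sv[0], req, strlen(req), 0);
    int rc = read_headers(sv[1], buf, sizeof buf, deadline_ms);
    close(sv[0]); close(sv[1]);
    return rc;
}

int main(void) {
    printf("incomplete: %d\n", classify("GET / HTTP/1.1\r\nHost: cam\r\n", 500));
    printf("complete:   %d\n", classify("GET / HTTP/1.1\r\nHost: cam\r\n\r\n", 500));
    return 0;
}
```

In a server, `read_headers` would run per connection in a worker thread, so that a client that never finishes its request is dropped at the deadline without holding up the accept queue.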
