[XiongMai uc-httpd 1.0.0 buffer overflow exploit proof of concept]
Proof of Concept code: 0dayPoC.py
CVE-2018-10088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10088
Thanks to the CVE Assignment Team for their help structuring the following:
[Description]
Buffer overflow in XiongMai uc-httpd 1.0.0 allows remote unauthenticated
attackers to cause a denial of service,
or possibly have unspecified other impact,
via a Web camera viewer interface. This is a different vulnerability than CVE-2017-16725.
[Additional Information]
Potential for development into full RCE with root permissions, as the
Sofia process runs as root on the DVR tested. The vulnerability could
potentially affect hundreds of thousands of DVRs according to
Shodan.io.
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
Xiongmai Technology
[Affected Product Code Base]
xiongmai uc-httpd - 1.0.0
[Affected Component]
Currently the PoC leads to Denial of Service by crashing the process (Sofia) that runs multiple services on the DVR,
including the uc-httpd web server.
[Attack Type]
Remote
[Impact Denial of Service]
True
[Attack Vectors]
Sending a crafted HTTP POST request via the Web camera viewer login form at https://www.shodan.io/search?query=uc-httpd+1.0.0
[Reference]
https://github.com/bitfu/uc-httpd-1.0.0-buffer-overflow-exploit
[Discoverer]
Andrew Watson
Contact: https://keybase.io/bitfu
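
The following is an added example, not part of the original advisory or the referenced repository: a triage pass over HTTP responses already captured from devices you administer, flagging those whose Server header reports the product and version listed under [Affected Product Code Base]. It assumes the device announces product and version in its Server response header; the host names, the sample responses and the "review" label for other uc-httpd versions are constructed for illustration.

```python
import re

# Product and version from the advisory's [Affected Product Code Base].
AFFECTED_PRODUCT, AFFECTED_VERSION = "uc-httpd", "1.0.0"

def server_banner(raw: bytes):
    """Return the Server header value of a raw HTTP response, or None."""
    # Only the header block counts; a banner string in the body is ignored.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    for line in head.splitlines()[1:]:            # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None

def classify(raw: bytes) -> str:
    """Label one response: affected, review, other or unknown."""
    banner = server_banner(raw)
    if banner is None:
        return "unknown"                          # no Server header to judge by
    tokens = re.split(r"[ /]+", banner)           # "name version" or "name/version"
    if tokens[0].lower() != AFFECTED_PRODUCT:
        return "other"
    version = tokens[1] if len(tokens) > 1 else ""
    # The advisory covers 1.0.0 only; other versions need a manual look.
    return "affected" if version == AFFECTED_VERSION else "review"

def triage(inventory: dict) -> dict:
    """Map each host name to its classification."""
    return {host: classify(raw) for host, raw in inventory.items()}

# Constructed sample: responses as they might be saved from an asset sweep.
SAMPLE = {
    "dvr-lobby": b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
                 b"Server: uc-httpd 1.0.0\r\n\r\n<html>",
    "dvr-dock": b"HTTP/1.1 200 OK\nserver:  UC-HTTPD/1.0.0\n\nbody",
    "nvr-lab": b"HTTP/1.1 200 OK\r\nServer: uc-httpd 1.2.0\r\n\r\n",
    "printer": b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    "cam-old": b"HTTP/1.0 401 Unauthorized\r\nWWW-Authenticate: Basic\r\n\r\n"
               b"Server: uc-httpd 1.0.0",
}

if __name__ == "__main__":
    for host, label in triage(SAMPLE).items():
        print(f"{host:10} {label}")
```

Hosts labelled "unknown" have no Server header in the captured response and need to be identified another way before they can be ruled out.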