uc-httpd 1.0.0 buffer overflow exploit PoC
Clone or download
Latest commit 39feec0 Jun 26, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
0dayPoC.py
LICENSE
README.md

README.md

uc-httpd-1.0.0-buffer-overflow-exploit

[XiongMai uc-httpd 1.0.0 buffer overflow exploit proof of concept]

Proof of Concept code: 0dayPoC.py

CVE-2018-10088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10088

Thanks to the CVE Assignment Team for their help structuring the following:

[Description]
Buffer overflow in XiongMai uc-httpd 1.0.0 allows unauthenticated attackers to execute Denial of Service remotely, or possibly have unspecified other impact, via a Web camera viewer interface, a different vulnerability than CVE-2017-16725.


[Additional Information]
Potential for development into full RCE with root permissions as the Sofia process runs as root on the DVR tested. The vulnerability could potentially affect hundreds of thousands of DVR's according to Shodan.io


[Vulnerability Type]
Buffer Overflow


[Vendor of Product]
Xiongmai Technology


[Affected Product Code Base]
xiongmai uc-httpd - 1.0.0


[Affected Component]
Currently the PoC leads to Denial of Service by crashing the process (Sofia) that runs multiple services on the DVR, including the uc-httpd web server.


[Attack Type]
Remote


[Impact Denial of Service]
True


[Attack Vectors]
Sending a crafted HTTP POST request via the Web camera viewer login form at https://www.shodan.io/search?query=uc-httpd+1.0.0


[Reference]
https://github.com/bitfu/uc-httpd-1.0.0-buffer-overflow-exploit


[Discoverer]
Andrew Watson
Contact: https://keybase.io/bitfu