zeroscience
ZSL Bot v4.89.1.00
Код:
Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure
Vendor: The Akuvox Company
Product web page: https://www.akuvox.com
Affected version: Doorphone:
S539
S532
X916
X915
X912
R29
Intercom:
R20K-2
R20A-2
C313W-2
NS-2
NC-2
NX-2
Firmware: 912.30.1.137
Summary: Vandal-resistant Door Phone for High-end Buildings. Offering
top-of-the-line features, Akuvox X912 is targeted at high-end residential
and commercial projects. With a compact size, it is perfect for buildings
with limited installation space.
Desc: The application suffers from an unauthenticated live stream disclosure
when requesting video.cgi endpoint on port 8080.
Tested on: lighttpd/1.4.30
EasyHttpServer
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5826
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php
25.02.2024
--
$ firefox http://192.168.1.2:8080/video.cgi
Zero Science Lab » Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure
Македонска лабораторија за истражување и развој на информациска безбедност
www.zeroscience.mk