{"id":1930,"date":"2012-10-22T09:26:23","date_gmt":"2012-10-22T12:26:23","guid":{"rendered":"http:\/\/www.talsoft.com.ar\/?p=1930"},"modified":"2012-10-22T09:26:23","modified_gmt":"2012-10-22T12:26:23","slug":"grave-vulnerabilidad-en-varios-modelos-de-camaras-ip","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/","title":{"rendered":"Grave vulnerabilidad en varios modelos de c\u00e1maras IP"},"content":{"rendered":"<div>Se ha dado a conocer una\u00a0<strong>grave vulnerabilidad<\/strong>\u00a0por la que\u00a0<a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/265532\">una gran variedad de modelos populares de c\u00e1maras IP dejar\u00edan al descubierto en texto claro todas las credenciales residentes en su configuraci\u00f3n<\/a>, tanto de los usuario como de las asociadas a servicios como FTP o mail.<\/div>\n<div><\/div>\n<div>La vulnerabilidad (<a href=\"http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-3002\">CVE-2012-3002<\/a>) que un principio fue comunicada en los foros oficiales de uno de los fabricantes (FOSCAM). Posteriores an\u00e1lisis han determinado que afectar\u00eda a muchos otros (Wansview principalmente) que comparten el firmware y chipset afectados de las series HiVision Hi35xx. El problema es que,\u00a0<strong>adem\u00e1s de almacenar las contrase\u00f1as en texto claro, es posible eludir la restricci\u00f3n que las protege\u00a0<\/strong>y por tanto, se puede acceder a ellas por web sin conocer ninguna contrase\u00f1a previa.<\/div>\n<div><\/div>\n<div>Por el momento, son 11 los fabricantes afectados y estos algunos de los fabricantes y modelos vulnerables:<\/div>\n<div><\/div>\n<ul>\n<li>FOSCAM &#8211; FI9820W, FI9802W, FI8608W, FI8601W FI8602W, FI8620, FI8609W, FI8919WZ<\/li>\n<li>WANSVIEW &#8211; NCH-536MW, NCH536MW, NCH-532MW, NCH532MW, NCH-531MW, NCH531MW<\/li>\n<li>Suneyes &#8211; SP-HS05W, SP-HS02W<\/li>\n<li>DBPOWER &#8211; H.264 HD MEGAPIXEL IPCAM<\/li>\n<li>AGASIO &#8211; A522W, A622W<\/li>\n<li>DERICAM &#8211; H501W<\/li>\n<li>DSN-Q10<\/li>\n<li>NVH-589MW<\/li>\n<li>ASTAK MOLE<\/li>\n<li>EasyN &#8211; HS-691<\/li>\n<li>EasySE &#8211; H2<\/li>\n<\/ul>\n<div><\/div>\n<div>No existe por el momento un firmware actualizado que lo solucione.\u00a0<strong>Se recomienda por tanto, aplicar controles de acceso a las URLs de este tipo de c\u00e1maras\u00a0<\/strong>hasta poder aplicar un parche que corrija la vulnerabilidad. Los par\u00e1metros con los que se pueden obtener las credenciales son:<\/div>\n<div><\/div>\n<div><a href=\"http:\/\/camara\/web\/cgi-bin\/hi3510\/param.cgi?cmd=getuser\">http:\/\/camara\/web\/cgi-bin\/hi3510\/param.cgi?cmd=getuser<\/a><\/div>\n<div><\/div>\n<div><strong>Es sencillo acceder a este tipo de c\u00e1maras expuestas en la red.\u00a0<\/strong>Una b\u00fasqueda en Google permite localizar algunos de los modelos afectados.<\/div>\n<div><\/div>\n<div><\/div>\n<div><\/div>\n<div>Una vez presentados en la c\u00e1mara, se obtiene control total, pudiendo cambiar los credenciales, formatear la tarjeta de memoria , enviar emails, etc&#8230;<\/div>\n<div><\/div>\n<div><\/div>\n<div><\/div>\n<div>Se ha publicado\u00a0<a href=\"http:\/\/foscam.us\/forum\/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html\">una peque\u00f1a herramienta\u00a0<\/a>que permite conocer<strong>\u00a0si la c\u00e1mara es vulnerable o no.<\/strong><\/div>\n<div><\/div>\n<div><strong>M\u00e1s informaci\u00f3n:<\/strong><\/div>\n<div><\/div>\n<div>VU#265532: Multi-vendor IP camera web interface authentication bypass<\/div>\n<div><a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/265532\">http:\/\/www.kb.cert.org\/vuls\/id\/265532<\/a><\/div>\n<div><\/div>\n<div>H264 IP Camera Web Interface Authentication Bypass Test Tool<\/div>\n<div><a href=\"http:\/\/foscam.us\/forum\/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html\">http:\/\/foscam.us\/forum\/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html<\/a><\/div>\n<div><\/div>\n<div>H.264 IP Camera Exploit Tester<\/div>\n<div><a href=\"http:\/\/foscam.us\/forum\/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html\">http:\/\/foscam.us\/forum\/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html<\/a><\/div>\n<div><\/div>\n<div><\/div>\n<div align=\"right\">Jos\u00e9 Mesa<br \/>\n<a href=\"&#x6d;&#97;i&#x6c;&#x74;&#111;:&#x6a;&#x6d;&#101;s&#x61;&#64;h&#x69;&#x73;&#112;a&#x73;&#x65;&#99;&#46;&#x63;&#111;&#109;\">&#106;&#x6d;e&#115;&#x61;&#64;&#x68;i&#115;&#x70;a&#x73;&#x65;&#99;&#x2e;c&#111;&#x6d;<\/a><\/p>\n<p>Sergio de los Santos<\/p><\/div>\n<div align=\"right\"><a href=\"&#x6d;&#x61;&#x69;&#x6c;&#116;&#111;:ss&#x61;&#x6e;&#x74;&#x6f;&#115;&#64;his&#x70;&#x61;&#x73;&#x65;&#99;&#46;&#99;om\">ssa&#110;&#116;&#111;&#115;&#x40;&#x68;&#x69;&#x73;&#x70;&#x61;&#x73;ec&#46;&#99;&#111;&#109;<\/a><\/div>\n<div align=\"right\">Twitter:\u00a0<a href=\"http:\/\/www.twitter.com\/ssantosv\">@ssantosv<\/a><\/div>\n<div style=\"text-align: left;\" align=\"right\">Fuente: Hispasec<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Se ha dado a conocer una\u00a0grave vulnerabilidad\u00a0por la que\u00a0una gran variedad de modelos populares de c\u00e1maras IP dejar\u00edan al descubierto en texto claro todas las credenciales residentes en su configuraci\u00f3n, tanto de los usuario como de las asociadas a servicios como FTP o mail. La vulnerabilidad (CVE-2012-3002) que un principio fue comunicada en los foros [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-1930","post","type-post","status-publish","format-standard","hentry","category-profesional"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TalSoft - Seguridad Inform\u00e1tica Empresarial - Grave vulnerabilidad en varios modelos de c\u00e1maras IP<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Grave vulnerabilidad en varios modelos de c\u00e1maras IP\",\"datePublished\":\"2012-10-22T12:26:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/\"},\"wordCount\":410,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"articleSection\":[\"Profesional\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - Grave vulnerabilidad en varios modelos de c\u00e1maras IP\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"datePublished\":\"2012-10-22T12:26:23+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Grave vulnerabilidad en varios modelos de c\u00e1maras IP","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Grave vulnerabilidad en varios modelos de c\u00e1maras IP","datePublished":"2012-10-22T12:26:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/"},"wordCount":410,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"articleSection":["Profesional"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/","url":"https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Grave vulnerabilidad en varios modelos de c\u00e1maras IP","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"datePublished":"2012-10-22T12:26:23+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/grave-vulnerabilidad-en-varios-modelos-de-camaras-ip\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/1930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=1930"}],"version-history":[{"count":1,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/1930\/revisions"}],"predecessor-version":[{"id":1931,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/1930\/revisions\/1931"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=1930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=1930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=1930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}