Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server
TL;DR: by analysing the security of a camera, I found a pre-auth RCE as root against 1250 camera models. Shodan lists 185 000 vulnerable cameras. The "Cloud" protocol establishes clear-text UDP tunnels (in order to bypass NAT and firewalls) between an attacker and cameras by using only the serial number of the targeted camera. Then, the attacker can automaticaly bruteforce the credentials of cameras.
The Wireless IP Camera (P2P) WIFICAM is a Chinese web camera which allows to stream remotely.
MOTEUR DE RECHERCHE DES FAILLES ET TOOLS
| Sam & Max: Python, Django, Git et du cul
Test your server for Heartbleed
Heartbleed : Faille critique pour OpenSSL, correctifs disponibles en urgence | UnderNews
1419 links, including 6 private