spiraling yet

CVE-2024-46959 - hacking the runofast 10$ baby cam with firmware version CloudCam 57.0.0.1

posted on : 9/07/2024

so vulnerable!!!!

my first hacking blog poast whoa

good evening. so this story begins in the middle of the night when i was really bored and wanted to find something to hack. i had made the rounds on my home network and it really wasn't working out. so i took a chance and bought some security cams on the web and a day later two arrived at my door. tonight's victim!

so asclepius, what happened?

the cameras turned out to be really shitty as expected, but today i'll be focusing on the runofast one, because i think it's the easier one. so i ran some nmap scans on it like we all do, output follows. (censoring out the last two octets of the addr because i'm cool)
now i had no idea wtf an rtsp was!! however i did have the ability to use a -A flag, which turned the 8001 into rtsp too...so i did some research into some flags that i was getting returned when i curled it.
this was a little weird! at this point i had tried to run the describe, play, and other params like that into the curl command. during this, i also ran it with the root:password params just to see if it worked. no dice!!!! say...this was the real time streaming protocol.... SO! i went to our lord and savior, ffmpeg and decided to just test some params in it and it did not look good! here's the command:
doctors hate her! she took one command

this was the result:

that's me! through the camera! with basic creds! which is not at all like safe. i kinda broke it before i could test more creds to see if it even was default credential issue vs a broken access one, so give me $$$ to get another one if you want a continuation of it!

so i also after the fact tried to find the company's yknow email or anything to say hey i can see myself in your camera! but alas i couldn't. if you are from that company and care about this at all heyyyy this is really insecure and bad. if you value your privacy i would not buy this at all tbh. again, this credential cannot be changed in any way that i've seen, meaning this thing comes with unchangeable hardcoded credentials that are basic and at the top of all wordlists out there.

final words:

thanks for reading my first ever actual hacking post, idk if this is a vuln or a cve or whatever but here u go!!