Beward N100 H.264 VGA IP Camera File Disclosure Vulnerability

Vulnerability

An authenticated file disclosure vulnerability has been identified in the Beward N100 H.264 VGA IP Camera running firmware version M2.1.6. This vulnerability allows attackers to read arbitrary system files by exploiting the 'READ.filePath' parameter in the fileread script or through the SendCGICMD API. Sensitive files such as /etc/passwd and /etc/issue can be accessed by supplying absolute file paths.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive system files, potentially allowing attackers to gain critical system information or exploit further vulnerabilities.

Reproduction

To reproduce this vulnerability, authenticate to the camera's web interface and send a request to the 'cgi-bin/operator/fileread' endpoint with the 'READ.filePath' parameter set to the absolute path of the file to be read, such as '/etc/passwd'. This can be done with a tool like curl, including the necessary authorization header. Alternatively, the SendCGICMD command can be used to achieve the same result.
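For defenders, the request shape described above can be searched for in HTTP logs. The following is an added example, not part of the original advisory or vendor code: it assumes a reverse proxy or capture point in front of the camera that writes combined-format access logs, the sample lines are constructed, and it covers only the fileread URL form, not SendCGICMD.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format (assumption: a reverse proxy
# or capture point in front of the camera records the full request line).
SAMPLE_LOG = """\
10.0.0.5 - operator [24/Dec/2025:20:01:11 +0000] "GET /cgi-bin/operator/fileread?READ.filePath=/etc/passwd HTTP/1.1" 200 512
10.0.0.5 - operator [24/Dec/2025:20:01:15 +0000] "GET /cgi-bin/operator/fileread?READ.filePath=%2Fetc%2Fissue HTTP/1.1" 200 64
10.0.0.9 - admin [24/Dec/2025:20:02:40 +0000] "GET /index.html HTTP/1.1" 200 2048
10.0.0.7 - - [24/Dec/2025:20:03:02 +0000] "GET /cgi-bin/operator/fileread?READ.filePath=/etc/passwd HTTP/1.1" 401 0
"""

REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

ENDPOINT = "/cgi-bin/operator/fileread"   # endpoint named in the advisory
PARAM = "read.filepath"                   # parameter named in the advisory, lowercased

def find_fileread_hits(log_text):
    """Return one record per request that passes an absolute path to fileread."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(ENDPOINT):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            # parse_qsl percent-decodes, so %2Fetc%2Fissue is caught as /etc/issue
            if key.lower() == PARAM and value.startswith("/"):
                hits.append({
                    "src": m["src"],
                    "user": m["user"],
                    "time": m["ts"],
                    "path": value,
                    "served": m["status"].startswith("2"),  # 2xx: file content returned
                })
    return hits

if __name__ == "__main__":
    for hit in find_fileread_hits(SAMPLE_LOG):
        print(hit)
```

Records with `served` set to true indicate the file was returned to an authenticated session, so the account in `user` should be reviewed along with the source address.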

Added: Dec 24, 2025, 8:27 PM
Updated: Dec 24, 2025, 9:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 1.6
threat: 6.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.