DBPower C300 HD Camera Configuration Disclosure Vulnerability
Vulnerability
A configuration disclosure vulnerability has been identified in the DBPower C300 HD Camera. This vulnerability allows unauthenticated attackers to access sensitive credentials by downloading a configuration backup from an unprotected endpoint. The hardcoded username and password can be extracted from the downloaded configuration file.
Impact
Exploitation of this vulnerability leads to unauthorized access to sensitive credentials, including usernames and passwords.
Reproduction
The vulnerability can be reproduced by sending a request to the '/tmpfs/config_backup.bin' endpoint. This can be done using a web browser or a script that automates the request. The response will include a gzipped binary file that contains the configuration data. After downloading the file, it can be decoded to reveal the embedded usernames and passwords.
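To check whether the endpoint has already been requested on a deployed camera, access logs can be searched for the backup path. The following is an added example, not part of the original advisory: it assumes a reverse proxy or gateway in front of the camera that writes common/combined log format, and the function names and sample log lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

BACKUP_PATH = "/tmpfs/config_backup.bin"  # endpoint named in the advisory

# Common/combined log format (assumption: written by a proxy in front of the camera).
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

SAMPLE_LOG = [  # constructed lines, documentation-range addresses
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /tmpfs/config_backup.bin HTTP/1.1" 200 4096',
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2024:10:02:11 +0000] "GET /tmpfs/%63onfig_backup.bin?x=1 HTTP/1.1" 403 0',
    '203.0.113.9 - - [12/Mar/2024:10:02:12 +0000] "GET /tmpfs//./config_backup.bin HTTP/1.1" 200 4096',
    '192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "HEAD /tmpfs/config_backup.bin HTTP/1.1" 200 -',
]

def normalize(target):
    """Canonicalise a request target so encoded or padded forms of the path still match."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def classify(line):
    """Return (source, verdict) for a request to the backup endpoint, else None."""
    m = LOG_RE.match(line)
    if not m or normalize(m["target"]) != BACKUP_PATH:
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    # A 2xx response with a body means the file was served; anything else is only a probe.
    served = m["status"].startswith("2") and size > 0
    return m["src"], "DISCLOSED" if served else "PROBE"

def triage(lines):
    """Group hits by source address, preserving the order of verdicts per source."""
    hits = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            hits[hit[0]].append(hit[1])
    return dict(hits)

if __name__ == "__main__":
    for src, verdicts in triage(SAMPLE_LOG).items():
        print(src, verdicts)
```

Any `DISCLOSED` hit means the configuration backup left the device, so the credentials it contains should be treated as exposed.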
