COMMAX Smart Home System Unauthenticated Configuration Change and Denial-of-Service Vulnerability

A vulnerability in the COMMAX Smart Home System's CCTV Bridge DVR Service allows an unauthenticated attacker to change configuration settings and cause a denial-of-service condition. This is achieved by sending a malformed request to the 'setconf' endpoint, which is responsible for handling configuration changes. The vulnerability arises from missing authentication for critical functions, enabling unauthorized users to manipulate device settings and disrupt service availability.

Impact

Exploitation of this vulnerability leads to unauthorized configuration changes and a denial-of-service condition, where the device becomes unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'setconf' endpoint with specific data parameters. This request can be made using tools like curl. The data should include configuration values that, when processed by the endpoint, trigger the denial-of-service condition. After the request is sent, the server responds with a confirmation message, but the connection to the 'setconf' endpoint is subsequently refused, indicating a successful denial-of-service attack.