Apeman ID71 Hard-Coded Credentials Vulnerability

Vulnerability

The Apeman ID71 IP camera, firmware version 218.53.203.117, contains hard-coded credentials that grant unauthorized access to administrative and root privileges. The file '/system/www/system.ini' exposes a static web admin account. The hard-coded credentials can be exploited remotely, giving attackers full control over the device, including access to video feeds and configuration settings. A compromised device could also be used in a botnet.

Impact

Exploitation of this vulnerability results in full compromise of the device, with unauthorized administrative and root privileges. An attacker gains exposure to video and audio streams, can manipulate device settings, and can potentially enlist the device in a botnet.

Reproduction

The vulnerability can be reproduced by accessing the '/system/www/system.ini' file on the affected camera model. This file reveals hard-coded credentials for a web admin account, which can be used to authenticate and gain administrative access to the device. Once logged in, the '/tmp/system/param/passwd' file can be accessed, which contains root shell account credentials. The presence of these hard-coded credentials allows for easy exploitation, as any attacker with network access can authenticate to the device and gain full control.

Remediation

No official remediation is available, and the vendor has not responded to disclosure attempts. However, it is recommended to implement restrictive firewall rules to block unauthorized access to the device.
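
One way to express the recommended firewall restriction, shown as an added nftables example that is not part of the original advisory or any vendor guidance. The table name, set names and all addresses (documentation range 192.0.2.0/24) are assumptions to be replaced with local values.

```nftables
# Added example: constructed ruleset for a Linux gateway that routes
# traffic between the camera segment and the rest of the network.
# All names and addresses below are placeholders (assumptions).
table inet camera_isolation {
    set cameras {
        type ipv4_addr
        elements = { 192.0.2.50 }    # assumed address of the Apeman ID71
    }

    set camera_admins {
        type ipv4_addr
        elements = { 192.0.2.10 }    # assumed NVR or admin workstation
    }

    chain forward {
        # Default accept so unrelated traffic is untouched; only the
        # camera rules below drop packets.
        type filter hook forward priority 0; policy accept;

        # Replies belonging to sessions that were permitted below.
        ct state established,related accept

        # Only the listed hosts may open connections to a camera, so the
        # static web admin account is not reachable from anywhere else.
        ip daddr @cameras ip saddr @camera_admins accept
        ip daddr @cameras log prefix "cam-in-drop " counter drop

        # Cameras may not initiate connections through the gateway,
        # which limits their use as a botnet node if one is compromised.
        # Add explicit accepts above this rule if NTP or DNS is required.
        ip saddr @cameras log prefix "cam-out-drop " counter drop
    }
}
```

These rules only see traffic that crosses the gateway, so the camera has to sit on its own VLAN or subnet; hosts on the same layer-2 segment reach it directly. The log prefixes give a simple signal for blocked access attempts and for unexpected outbound connections from the camera.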

Added: Sep 29, 2025, 12:17 AM
Updated: Sep 29, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.