Trivision NC-227WF Authentication Bypass and Username Enumeration Vulnerability
Vulnerability
An authentication bypass vulnerability has been identified in the Trivision NC-227WF camera firmware version 5.80 (build 20141010). This vulnerability allows an attacker to bypass the expected HTTP Digest authentication by using Basic authentication credentials instead. The device also responds with different error messages depending on the validity of the username, which enables username enumeration. This could lead to unauthorized access to the camera's web interface and streaming capabilities.
Impact
Exploitation of this vulnerability allows for unauthorized access to the camera's web interface and live video streams. Additionally, the vulnerability exposes valid usernames, which could be used in conjunction with password guessing attacks or credential stuffing.
Reproduction
To reproduce this vulnerability, send a request to a Digest-authenticated endpoint using Basic authentication credentials. The response will include the full web interface HTML, links to configuration pages, and embedded RTMP stream URLs containing base64-encoded credentials. Observe the error messages returned when attempting to log in with different usernames to confirm username enumeration.
Remediation
Users are advised to disable Basic authentication on Digest-protected endpoints, standardize login error messages to prevent username validity disclosure, rotate any exposed credentials, and restrict management interface access by IP.
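One way to check captured traffic (for example, proxy logs taken before and after remediation) for both conditions described above. This is an added example, not part of the original advisory or the vendor's code; the record layout, paths, usernames and error strings are constructed assumptions, and only Basic-authenticated failures are compared.

```python
import base64
from collections import defaultdict

def scheme(header):
    """Lowercase auth scheme of an Authorization / WWW-Authenticate value."""
    return header.split(None, 1)[0].lower() if header else None

def basic_user(header):
    """Username from a Basic Authorization header, or None if absent/malformed."""
    if scheme(header) != "basic":
        return None
    try:
        raw = base64.b64decode(header.split(None, 1)[1], validate=True)
    except (IndexError, ValueError):
        return None
    return raw.decode("utf-8", "replace").partition(":")[0]

def audit(exchanges):
    """exchanges: (path, Authorization, status, WWW-Authenticate, body) tuples."""
    # Paths the device itself challenges with Digest.
    digest_paths = {p for p, _, st, chal, _ in exchanges
                    if st == 401 and scheme(chal) == "digest"}
    # Finding 1: a Basic request succeeded on a path that demands Digest.
    accepted = {p for p, auth, st, _, _ in exchanges
                if p in digest_paths and scheme(auth) == "basic" and 200 <= st < 300}
    # Finding 2: failed logins on one path return different bodies per username.
    failures = defaultdict(lambda: defaultdict(set))  # path -> body -> usernames
    for p, auth, st, _, body in exchanges:
        user = basic_user(auth)
        if st == 401 and user is not None:
            failures[p][body].add(user)
    leaking = {p for p, by_body in failures.items() if len(by_body) > 1}
    return {"basic_accepted_on_digest": sorted(accepted),
            "distinct_failure_bodies": sorted(leaking)}

def _basic(creds):  # helper to build constructed headers
    return "Basic " + base64.b64encode(creds.encode()).decode()

# Constructed sample data: paths, usernames and messages are invented.
CHAL = 'Digest realm="camera", nonce="constructed"'
SAMPLE = [
    ("/protected", None, 401, CHAL, "Unauthorized"),
    ("/protected", _basic("user1:example"), 200, None, "<html>interface</html>"),
    ("/login", _basic("user1:bad"), 401, CHAL, "Wrong password"),
    ("/login", _basic("user2:bad"), 401, CHAL, "Unknown user"),
    ("/status", _basic("user1:bad"), 401, CHAL, "Unauthorized"),
    ("/status", _basic("user2:bad"), 401, CHAL, "Unauthorized"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

After remediation, both lists should come back empty for the same traffic pattern.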
