AVTECH DGM1104 Command Injection Vulnerability in SMB Server Function
Vulnerability
A command injection vulnerability has been identified in the AVTECH DGM1104 camera model, specifically in the SMB server function of the web interface. This vulnerability allows authenticated users to execute arbitrary commands as the root user on the device by sending crafted input through the web API. The issue arises because the 'cgibox' binary automatically mounts SMB shares using configuration settings that are not properly sanitized, enabling exploitation via the 'system()' function.
Impact
Exploitation of this vulnerability allows for authenticated command injection, with the executed commands running as the root user on the affected device. According to the author, this could lead to remote code execution.
Reproduction
The vulnerability can be reproduced by authenticating to the camera's web interface and then sending a request that includes maliciously crafted SMB configuration settings. These settings should be designed to exploit the command injection flaw by injecting commands that will be executed on the device as the root user.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.