Qianniao IP Security Camera Root Code Execution Vulnerability via SD Card Script

Vulnerability

A vulnerability in the firmware update process of the Qianniao QN-L23PA0904 IP security camera allows arbitrary code execution as root. The issue arises because the camera executes a user-supplied shell script from an SD card during boot, without any integrity or authenticity checks. By placing a crafted 'iu.sh' script in an 'upgrade' directory on the SD card, attackers can gain root access, install backdoors, and exfiltrate data.

Impact

Exploitation of this vulnerability leads to unauthorized root access on the device, allowing for full control over the camera's functions and data.

Reproduction

To reproduce this vulnerability, insert an SD card containing a crafted 'iu.sh' script into the camera before it boots. The script must be placed in an 'upgrade' directory on the SD card. Once the camera is powered on, it executes 'iu.sh' as root, bypassing any security measures.
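The integrity check that the boot process lacks, shown as an added example (not vendor firmware code and not part of the original advisory): the script is copied off the card, hashed, and run only if its digest appears in an approved list. The function name, the manifest file and all paths other than 'upgrade/iu.sh' are assumptions.

```sh
#!/bin/sh
# Added example, not vendor firmware code. Paths and the manifest are hypothetical.
# Runs <sd_root>/upgrade/iu.sh only if its SHA-256 digest is listed in a
# manifest kept on read-only firmware storage (one hex digest per line).
# Returns: 0 verified and ran, 1 no upgrade present, 2 rejected, 3 script failed.
run_sd_upgrade() {
    sd_root=$1
    manifest=$2
    src="$sd_root/upgrade/iu.sh"

    # No upgrade script on the card: continue normal boot.
    [ -e "$src" ] || [ -L "$src" ] || return 1

    # Reject symlinks and anything that is not a regular file.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "upgrade: rejected, not a regular file" >&2
        return 2
    fi

    # Copy off the card first so the bytes hashed are the bytes executed;
    # removable media can change between the check and the run.
    work=$(mktemp -d) || return 2
    cp "$src" "$work/iu.sh" || { rm -rf "$work"; return 2; }
    digest=$(sha256sum "$work/iu.sh" | cut -d' ' -f1)

    # Fail closed: a malformed digest, a missing manifest, or no exact
    # whole-line match all reject the script.
    if [ "${#digest}" -ne 64 ] || ! grep -qxF "$digest" "$manifest" 2>/dev/null; then
        echo "upgrade: rejected, digest not in approved manifest" >&2
        rm -rf "$work"
        return 2
    fi

    rc=0
    sh "$work/iu.sh" || rc=$?
    rm -rf "$work"
    [ "$rc" -eq 0 ] || return 3
    return 0
}

# Boot-time call with hypothetical paths:
#   run_sd_upgrade /mnt/sdcard /etc/upgrade.sha256
```

A fixed digest list only covers updates known when the firmware was built; verifying a signature against a public key stored in firmware is the usual way to get authenticity for later updates, with the same copy, verify, then run order.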

Added: Apr 2, 2026, 7:34 PM
Updated: Apr 2, 2026, 7:34 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.