Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29992
HistoryNov 05, 2013 - 12:00 a.m.

Stem Innovation ‘IZON’ Hard-coded Credentials (CVE-2013-6236)

2013-11-0500:00:00
vulners.com
43
JSON

Stem Innovation ‘IZON’ Hard-coded Credentials (CVE-2013-6236)
Mark Stanislav - [email protected]

I. DESCRIPTION

Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web application running on the camera. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera. Further, using the web interface credentials will provide access to a camera stream and configuration details, including third-party API keys.

II. TESTED VERSION

iOS Mobile Application: 1.0.5
Camera Firmware: 2.0.2

III. PoC EXPLOIT

1) Telnet Credentials

  • "root" with a password of "stemroot"
  • "admin" with a password of "/ADMIN/"
  • "mg3500" with a password of "merlin"

2) HTTP Credentials (http://camera-ip/mobileye/)

  • "user" with a password of "user"

IV. SOLUTION

Update to the latest firmware and hope for the best.

V. REFERENCES

https://blog.duosecurity.com/2013/10/izon-ip-camera-hardcoded-passwords-and-unencrypted-data-abound/
https://securityledger.com/2013/10/apple-store-favorite-izon-cameras-riddled-with-security-holes/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6236

VI. TIMELINE

09/06/2013 - Initial vendor contact stating I wanted to discuss a variety of security issues
09/06/2013 - Vendor’s help desk responded and asked for clarification about my request
09/06/2013 - Responded to the vendor’s help desk and reaffirmed my purpose for contact
09/16/2013 - Updated my existing help desk ticket after not hearing back in 10 days
09/19/2013 - Received a response back to contact their CEO directly about these issues
09/19/2013 - E-mailed the vendor’s CEO with synopsis details and severity ratings for the key issues
09/30/2013 - I opened up a new help desk ticket to follow-up after not hearing from their CEO after 11 days
10/01/2013 - The new case was updated saying that their CEO was aware of my email and would respond
10/03/2013 - I received a follow-up from their CTO with no specific details about plans to fix issues
10/03/2013 - Followed-up with the CTO to ask for specific details about the issues I had found
10/14/2013 - CTO responded asking to “meet” to discuss my findings but again offered no details
10/14/2013 - Offered up time ranges for the next day that were viable to discuss my findings
10/17/2013 - Public presentation of camera research which included these issues
10/28/2013 - Still no response from vendor on confirmation of fixes or a timeline to do so

Related

exploitpack 1
securityvulns 1
zdt 1
prion 1
openvas 1
seebug 1
packetstorm 1
cve 1
exploitdb 1
exploitpack
exploitpack
Stem Innovation - IZON Hard-Coded Credentials
2013-10-29 00:00:00
securityvulns
securityvulns
Stem Innovation IZON IP cameras backdoor
2013-11-05 00:00:00
zdt
zdt
Stem Innovation IZON Hardcoded Password Vulnerability
2014-01-19 00:00:00
prion
prion
Design/Logic Flaw
2020-02-12 16:15:00
openvas
openvas
IZON IP Cameras Hardcoded Credentials (Telnet)
2013-11-07 00:00:00
seebug
seebug
Stem Innovation ‘IZON’ Hard-coded Credentials
2014-07-02 00:00:00
packetstorm
packetstorm
Stem Innovation IZON Hardcoded Password
2014-01-17 00:00:00
cve
cve
CVE-2013-6236
2020-02-12 16:15:00
exploitdb
exploitdb
Stem Innovation - 'IZON' Hard-Coded Credentials
2013-10-29 00:00:00
JSON
Related for SECURITYVULNS:DOC:29992
exploitpack1securityvulns1zdt1prion1openvas1seebug1packetstorm1cve1exploitdb1