Application Details
Compro Technology is a large developer and manufacturer of IT products, specialising in network video. Providing digital network-based surveillance solutions.
Vulnerability
Multiple Compro products could allow a remote attacker to obtain sensitive information, caused by improper access control in cameralist.cgi.
Identification
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain credentials.
GET /cgi-bin/cameralist/cameralist.cgi?id=*Detection
By turning this into a traffic file and matching rule, we are able to detect unauthorised attempts in the disclosure of device administrator credentials (usernames and passwords), or RSTP credentials.
Coverage
Idappcom has created signature 8021774 along with a traffic file.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional