Compro Technology IP Camera - Credential Disclosure (CVE-2021-40380)


Application Details

Compro Technology is a large developer and manufacturer of IT products, specialising in network video and providing digital network-based surveillance solutions.


Vulnerability

Multiple Compro products could allow a remote attacker to obtain sensitive information, caused by improper access control in cameralist.cgi.


Identification

By sending a specially crafted request, an attacker could exploit this vulnerability to obtain credentials.

GET /cgi-bin/cameralist/cameralist.cgi?id=*

Detection

By turning this request into a traffic file and a matching rule, we are able to detect unauthorised attempts to disclose device administrator credentials (usernames and passwords) or RTSP credentials.
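
The same matching idea can be applied to web server or proxy access logs. The Python below is an added example, not Idappcom's signature or code from this advisory; the combined log format, the constructed sample lines and the reading of a 200 status as "served" are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

TARGET = "/cgi-bin/cameralist/cameralist.cgi"  # endpoint named in the advisory

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2021:10:00:01 +0000] "GET /cgi-bin/cameralist/cameralist.cgi?id=* HTTP/1.1" 200 512
198.51.100.7 - - [01/Sep/2021:10:00:02 +0000] "GET /cgi-bin//cameralist/%63ameralist.cgi?id=%2A HTTP/1.1" 200 512
192.0.2.10 - - [01/Sep/2021:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024
192.0.2.10 - - [01/Sep/2021:10:00:04 +0000] "GET /cgi-bin/cameralist/cameralist.cgi?id=* HTTP/1.1" 401 0
203.0.113.5 - - [01/Sep/2021:10:00:05 +0000] "GET /CGI-BIN/cameralist/./cameralist.cgi?x=1&id=* HTTP/1.1" 200 498
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

def normalise_path(raw):
    """Undo percent-encoding, case changes, '//' and './' so trivially
    rewritten paths still compare equal to TARGET."""
    # Assumption: match case-insensitively; over-matching is acceptable for detection.
    path = re.sub(r"/+", "/", unquote(raw).lower())
    return posixpath.normpath(path)

def detect(log_text):
    """Return (source, status, verdict) for each request to the CGI with an id parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path, _, query = m["uri"].partition("?")
        if normalise_path(path) != TARGET:
            continue
        # Any value of id is flagged, so an encoded or altered value still matches.
        params = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        if "id" not in params:
            continue
        # Assumption: a 200 means the device answered; anything else is logged as an attempt.
        verdict = "served" if m["status"] == "200" else "attempt"
        hits.append((m["src"], int(m["status"]), verdict))
    return hits

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit)
```

Requests flagged as "served" warrant rotating the device's administrator and RTSP credentials as well as investigating the source.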


Coverage

Idappcom has created signature 8021774 along with a traffic file.


References

Compro Technology IP Camera Credential Disclosure - Exploit Database

Compro Technology IP Camera Credential Disclosure - Packet Storm Security

CVE-2021-40380


Traffic IQ

If you are concerned that your business may be at risk from this vulnerability or others, why not try out our Traffic IQ software, which can share your defences and report any issues? Learn more here: https://www.idappcom.co.uk/traffic-iq-professional