Vocran NVR Remote Command Execution

critical Nessus Plugin ID 104124

Synopsis

The Vocran network video recorder is affected by a remote command execution vulnerability.

Description

The remote Vocran network video recorder is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input passed via /board.cgi. An unauthenticated remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device.

This vulnerability has been used by the IoT Reaper botnet.

Note that Nessus has detected this vulnerability by reading the contents of the file /proc/cpuinfo.

Solution

At time of publication, Vacron had not yet released a patch. Users should take precautions to ensure affected devices are not exposed to the internet and that the devices are properly isolated on the local network.

See Also

https://blogs.securiteam.com/index.php/archives/3445

http://www.nessus.org/u?197042fe

Plugin Details

Severity: Critical

ID: 104124

File Name: vacron_nvr_cmd_exec.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 10/24/2017

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: installed_sw/Vocran NVR

Exploited by Nessus: true

Vulnerability Publication Date: 10/12/2017