Headline
Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 Weak Hashing / Disclosure
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the “default” account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.
[Suggested description]
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.
A local attacker with the “default” account is capable of reading the
/etc/passwd file, which contains a weakly hashed root password.
By taking this hash and cracking it, the attacker
can obtain root rights on the device.
[Vulnerability Type]
Insecure Permissions
[Vendor of Product]
Sannce
[Affected Product Code Base]
Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
[Affected Component]
Root user through file /etc/passwd
[Attack Type]
Local
[Impact Escalation of Privileges]
true
[Attack Vectors]
To exploit the vulnerability, someone must be able to get local
presence on the device. e.g. through command injection or by using the
telnet interface as a low-privileged user.
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
[Reference]
https://www.sannce.com
Use CVE-2019-20466.