Merge pull request #4110 from af001/master

Backdoor check for Sony IP cameras
2022-09-14 22:57:35 +05:30 · 2022-09-14 22:57:35 +05:30 · aaa28f4c06
parent 19de5ca8df 0ec4ca7d07
commit aaa28f4c06
1 changed files with 41 additions and 0 deletions
--- a/iot/sony-camera-backdoor.yaml
+++ b/iot/sony-camera-backdoor.yaml
@ -0,0 +1,41 @@
+id: sony-camera-backdoor
+
+info:
+  name: Backdoor In Sony IPELA Engine IP Cameras
+  author: af001
+  severity: medium
+  description: |
+    Multiple SONY network cameras vulnerable to sensitive information disclosure via hardcoded credentials and a backdoor.
+  reference:
+    - https://sec-consult.com/vulnerability-lab/advisory/backdoor-vulnerability-in-sony-ipela-engine-ip-cameras/
+    - https://www.bleepingcomputer.com/news/security/backdoor-found-in-80-sony-surveillance-camera-models/
+    - https://jvn.jp/en/vu/JVNVU96435227/index.html
+  remediation: |
+    Upgrade to the latest version of the firmware provided by Sony.
+  classification:
+    cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
+    cvss-score: 6.50
+    cve-id: CVE-2016-7834
+    cwe-id: CWE-798
+  tags: sony,backdoor,unauth,telnet,iot,camera
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/command/prima-factory.cgi"
+
+    headers:
+      Authorization: Bearer cHJpbWFuYTpwcmltYW5h
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: header
+        words:
+          - 'gen5th'
+          - 'gen6th'
+        condition: or
+
+      - type: status
+        status:
+          - 204