From 80cb86835fe592572ee19a10e7b160f0b3b46ff9 Mon Sep 17 00:00:00 2001
From: Anton
Date: Mon, 11 Apr 2022 10:07:13 -0400
Subject: [PATCH 1/5] Create sony-camera-backdoor.yaml Sony backdoor check in some IP cameras.
---
iot/sony-camera-backdoor.yaml | 42 +++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 iot/sony-camera-backdoor.yaml
diff --git a/iot/sony-camera-backdoor.yaml b/iot/sony-camera-backdoor.yaml
new file mode 100644
index 0000000000..710b827463
--- /dev/null
+++ b/iot/sony-camera-backdoor.yaml
@@ -0,0 +1,42 @@
+id: sony-camera-backdoor
+
+info:
+ name: Backdoor In Sony IPELA Engine IP Cameras
+ author: af001
+ severity: medium
+ reference:
+ - https://sec-consult.com/vulnerability-lab/advisory/backdoor-vulnerability-in-sony-ipela-engine-ip-cameras/
+ - https://www.bleepingcomputer.com/news/security/backdoor-found-in-80-sony-surveillance-camera-models/
+ - https://jvn.jp/en/vu/JVNVU96435227/index.html
+ remediation: Upgrade to the latest version of the firmware provided by Sony.
+ tags: sony,backdoor,unauth,telnet
+ classification:
+ cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
+ cvss-score: 6.50
+ cve-id: CVE-2016-7834
+ cwe-id: CWE-798
+ description: "Multiple SONY network cameras vulnerable to sensitive information disclosure via hardcoded credentials and a backdoor."
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/command/prima-factory.cgi"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 401
+
+ - type: word
+ part: header
+ words:
+ - 'gen5th'
+ - 'gen6th'
+ condition: or
+
+ - type: word
+ part: header
+ words:
+ - 'Sony'
+ condition: and
From 3a9bdb653f29fec12341898df1fb8f7c3047c61e Mon Sep 17 00:00:00 2001
From: sandeep
Date: Mon, 11 Apr 2022 23:09:32 +0530
Subject: [PATCH 2/5] misc updates
---
iot/sony-camera-backdoor.yaml | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
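Review bot: The matchers of the new template in patch 1/5 (hunk `@@ -0,0 +1,42 @@`) only fingerprint the device and do not establish that the hardcoded account is still accepted. A `401` on `/command/prima-factory.cgi` together with the header words `gen5th`/`gen6th` and `Sony` shows that a camera of this family protects the endpoint, so firmware that has already been fixed would presumably still be reported. Either word `name` and `description` as detection of a potentially affected device, or add a comment above `matchers-condition` such as `# fingerprint only: a 401 here does not prove the backdoor account is accepted`. The `telnet` tag also looks out of place, since the only request the template makes is an HTTP GET.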
diff --git a/iot/sony-camera-backdoor.yaml b/iot/sony-camera-backdoor.yaml index 710b827463..9a8fa9520e 100644 --- a/iot/sony-camera-backdoor.yaml +++ b/iot/sony-camera-backdoor.yaml @@ -4,18 +4,18 @@ info: name: Backdoor In Sony IPELA Engine IP Cameras author: af001 severity: medium - reference: + description: Multiple SONY network cameras vulnerable to sensitive information disclosure via hardcoded credentials and a backdoor. + reference: - https://sec-consult.com/vulnerability-lab/advisory/backdoor-vulnerability-in-sony-ipela-engine-ip-cameras/ - https://www.bleepingcomputer.com/news/security/backdoor-found-in-80-sony-surveillance-camera-models/ - https://jvn.jp/en/vu/JVNVU96435227/index.html remediation: Upgrade to the latest version of the firmware provided by Sony. - tags: sony,backdoor,unauth,telnet classification: cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C cvss-score: 6.50 cve-id: CVE-2016-7834 cwe-id: CWE-798 - description: "Multiple SONY network cameras vulnerable to sensitive information disclosure via hardcoded credentials and a backdoor." + tags: sony,backdoor,unauth,telnet requests: - method: GET @@ -38,5 +38,4 @@ requests: - type: word part: header words: - - 'Sony' - condition: and + - 'Sony' \ No newline at end of file From 5bf2c5fb2f8ce007e1b09b59cdbbb670f438ba61 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 12 Apr 2022 00:58:32 +0530 Subject: [PATCH 3/5] Update sony-camera-backdoor.yaml --- iot/sony-camera-backdoor.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iot/sony-camera-backdoor.yaml b/iot/sony-camera-backdoor.yaml index 9a8fa9520e..78c53f6a1a 100644 --- a/iot/sony-camera-backdoor.yaml +++ b/iot/sony-camera-backdoor.yaml @@ -15,7 +15,7 @@ info: cvss-score: 6.50 cve-id: CVE-2016-7834 cwe-id: CWE-798 - tags: sony,backdoor,unauth,telnet + tags: sony,backdoor,unauth,telnet,iot requests: - method: GET 
@@ -38,4 +38,4 @@ requests: - type: word part: header words: - - 'Sony' \ No newline at end of file + - 'Sony' From df05e8cadd17ecac4620fd51eec4be9a7b062671 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 24 May 2022 15:19:12 +0530 Subject: [PATCH 4/5] Update sony-camera-backdoor.yaml --- iot/sony-camera-backdoor.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/iot/sony-camera-backdoor.yaml b/iot/sony-camera-backdoor.yaml index 78c53f6a1a..26bacdb065 100644 --- a/iot/sony-camera-backdoor.yaml +++ b/iot/sony-camera-backdoor.yaml @@ -4,29 +4,34 @@ info: name: Backdoor In Sony IPELA Engine IP Cameras author: af001 severity: medium - description: Multiple SONY network cameras vulnerable to sensitive information disclosure via hardcoded credentials and a backdoor. + description: | + Multiple SONY network cameras vulnerable to sensitive information disclosure via hardcoded credentials and a backdoor. reference: - https://sec-consult.com/vulnerability-lab/advisory/backdoor-vulnerability-in-sony-ipela-engine-ip-cameras/ - https://www.bleepingcomputer.com/news/security/backdoor-found-in-80-sony-surveillance-camera-models/ - https://jvn.jp/en/vu/JVNVU96435227/index.html - remediation: Upgrade to the latest version of the firmware provided by Sony. + remediation: | + Upgrade to the latest version of the firmware provided by Sony. classification: cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C cvss-score: 6.50 cve-id: CVE-2016-7834 cwe-id: CWE-798 - tags: sony,backdoor,unauth,telnet,iot + tags: sony,backdoor,unauth,telnet,iot,camera requests: - method: GET path: - "{{BaseURL}}/command/prima-factory.cgi" + headers: + Authorization: Bearer cHJpbWFuYTpwcmltYW5h + matchers-condition: and matchers: - type: status status: - - 401 + - 204 - type: word part: header @@ -34,8 +39,3 @@ requests: - 'gen5th' - 'gen6th' condition: or - - - type: word - part: header - words: - - 'Sony' 
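Review bot: The added `Authorization: Bearer cHJpbWFuYTpwcmltYW5h` header in the first hunk of patch 4/5 carries a value that base64-decodes to a `user:password` pair, which is the form of an HTTP Basic credential rather than a bearer token. If the CGI accepts only Basic or Digest, the request is rejected and the new `204` status matcher never fires, giving silent false negatives; please confirm against the referenced advisory which scheme the endpoint accepts and use that scheme name. Because the template now submits the vendor's hardcoded credential to every target instead of passively fingerprinting, a comment above `headers:` would help operators, e.g. `# sends the vendor's hardcoded factory credential; 204 means it was accepted`. The second hunk of the same patch drops the `Sony` header matcher, so the match now rests on `gen5th`/`gen6th` plus the status alone. The matcher list continues beyond this hunk.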
From 0ec4ca7d070c4406c3adb89bd08aebf80aa2e0bb Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 14 Sep 2022 22:55:05 +0530 Subject: [PATCH 5/5] Update sony-camera-backdoor.yaml --- iot/sony-camera-backdoor.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/iot/sony-camera-backdoor.yaml b/iot/sony-camera-backdoor.yaml index 26bacdb065..f79871c4a2 100644 --- a/iot/sony-camera-backdoor.yaml +++ b/iot/sony-camera-backdoor.yaml @@ -29,13 +29,13 @@ requests: matchers-condition: and matchers: - - type: status - status: - - 204 - - type: word part: header words: - 'gen5th' - 'gen6th' condition: or + + - type: status + status: + - 204