Published: 13/03/2017 Updated: 15/03/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an malicious user to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
embedthis goahead -

CCTV Camera scanner using the GoAhead webserver exploit

CCTV-GoAhead-Exploit Multi-threaded CCTV Camera exploit for the GoAhead webserver vulnerability (CVE-2017-5674) First: python3 cctvscanpy <File Name> (eg python3 cctvscanpy scannedtxt) This uses the Shodan IOT search engine to find CCTV cameras with the GoAhead vulnerability Second: python3 cctvbrutepy <input f

CWE-200 https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/https://www.cybereason.com/cve-ip-cameras/https://nvd.nist.gov https://github.com/mitchwolfe1/CCTV-GoAhead-Exploit

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-5674

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect