
CVE-2017-8225

Published: 25/04/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.

Vulnerable Product

wificam wireless_ip_camera_\\(p2p\\)_firmware -

Exploits

# Exploit-DB Note ~ Source: pierrekim.github.io/advisories/expl-goahead-camera.c
# Exploit-DB Note ~ Credit: pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
# ...

Github Repositories

A PoC exploit for CVE-2017-8225 - GoAhead System.ini Leak

CVE-2017-8225 - GoAhead System.ini Leak. This vulnerability pertains to Wireless IP Camera (P2P) WIFICAM devices. It arises from a lapse in correctly validating .ini files, which store critical credentials. An adept attacker can exploit this by providing empty values for both the loginuse and loginpas parameters in the URI. Specifically, access is granted via the path: /systemi

CVE-2017-8225
Install Python3:
apt-get install git
pip3 install requests
pip3 install colorama
sudo apt update
apt-get install python3
Installation:
git clone github.com/kienquoc102/CVE-2017-8225.git
Code Exploit:
cd CVE-2017-8225
python3 scanip.py (Your File