FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月4日3年前

# Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials
# Author: Gjoko 'LiquidWorm' Krstic @zeroscience
# Date: 2018-10-14
# Vendor: FLIR Systems, Inc
# Product web page: https://www.flir.com
# Affected version: Firmware: 1.32.16, 1.17.13, OS: neco_v1.8-0-g7ffe5b3
# Hardware: Flir Systems Neco Board
# Tested on: GNU/Linux 3.0.35-flir+gfd883a0 (armv7l), lighttpd/1.4.33, PHP/5.4.14
# References:
# Advisory ID: ZSL-2018-5494
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5494.php

# Desc: The devices utilizes hard-coded and credentials within its Linux distribution
# image. These sets of credentials (SSH) are never exposed to the end-user and cannot
# be changed through any normal operation of the camera. Attacker could exploit this
# vulnerability by logging in using the default credentials for the web panel or gain
# shell access.

# Hard-coded SSH access:
# ----------------------

fliruser:3vlig
root:hello

# Default web creds:
# ------------------

admin:admin
user:user
viewer:viewer
service:???
developer:???

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索