Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution
Posted by deepcore on July 11, 2017 – 9:00 pm
Pelco IP cameras suffer from an authenticated remote code execution vulnerability. The POST parameter 'enable_leds', located in the update() function called via the GeneralSetupController.php script, is not properly sanitised before being used in the writeLedConfig() function to set the LED state to on or off. Using a specially crafted request and an escape sequence to the system shell, a remote attacker can exploit this issue to execute arbitrary system commands, gaining system access with root privileges.
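The fix for this class of bug is to reduce 'enable_leds' to a strict boolean before anything else touches it. The following is an added example, not Pelco's code: parseLedState(), writeLedConfigSafe(), the accepted spellings, the config line format and the sample inputs are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened handling of the 'enable_leds' POST parameter.
// Function names, accepted values and config format are assumptions.

/** Map the raw request value to true/false, or null if it is not allowlisted. */
function parseLedState($raw): ?bool
{
    // Missing values and arrays (enable_leds[]=...) are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    $v = strtolower($raw);
    // Exact, strict comparison: no trimming, no partial match, no type juggling.
    if (in_array($v, ['1', 'on', 'true'], true)) {
        return true;
    }
    if (in_array($v, ['0', 'off', 'false'], true)) {
        return false;
    }
    return null;
}

/** Persist the LED state without a shell and without any request bytes. */
function writeLedConfigSafe(bool $on, string $path): bool
{
    // The written value is a constant chosen here, never the caller's string.
    $line = 'LEDS_ENABLED=' . ($on ? '1' : '0') . "\n";
    return file_put_contents($path, $line, LOCK_EX) !== false;
}

// Constructed sample inputs: valid values plus malformed ones that must fail.
$samples = ['1', 'off', 'ON', '1; echo x', "0\nx", '`x`', ['1'], null];
$path = tempnam(sys_get_temp_dir(), 'led');

foreach ($samples as $raw) {
    $state = parseLedState($raw);
    if ($state === null) {
        printf("%-14s => rejected (respond 400)\n", json_encode($raw));
        continue;
    }
    writeLedConfigSafe($state, $path);
    printf("%-14s => wrote %s", json_encode($raw), file_get_contents($path));
}
unlink($path);
```

Because the value that reaches storage is selected by the code rather than copied from the request, there is nothing left to escape; rejected requests are also worth logging as a detection signal.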