关键漏洞信息 Title: iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure Advisory ID: ZSL-2019-5539 Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information Risk: 3/5 Release Date: 29.10.2019 Summary The 4/8/16 channel hybrid standalone DVR delivers high-quality pictures by adopting high-performance video processing chips and an embedded Linux system. When the script is called, the DVR is vulnerable to unauthorized and unauthenticated live stream disclosure. Vendor iSeeQ: http://www.iseeq.co.kr Affected Version WH-H4 1.03R / 2.0.0.P Tested On Boa/0.94.13 PHP/7.0.22 DVR Web Server POC iseiq_dvrstream.sh Credits Vulnerability discovered by Gjoko Krstic - References [1] https://packetstormsecurity.com/files/155032 [2] https://www.exploit-db.com/exploits/47562 [3] https://cxsecurity.com/issue/WLB-2019100192 [4] https://exchange.xforce.ibmcloud.com/vulnerabilities/170650 Changelog [29.10.2019] - Initial release [31.10.2019] - Added references [1], [2], and [3] [01.11.2019] - Added reference [4]