Key Vulnerability Information

Title: BEWARD Intercom 2.3.1 Credentials Disclosure
Advisory ID: ZSL-2019-5505
Type: Local
Impact: Exposure of Sensitive Information, Security Bypass
Risk: 3/5
Release Date: 27.01.2019

Summary

Multiaccessible User Operation, Electronic Lock Control, Real-Time Video, Two-Way Audio. The software is used for BEWARD IP video door stations control.

Description

The application stores logs and sensitive information in an unencrypted binary file called BEWARD.INTERCOM.FDB. A local attacker who has access to the current user session can disclose plain-text credentials, which can then be used to bypass authentication to the affected IP camera and door station and to bypass the access control in place.

Vendor

BEWARD R&D Co., Ltd - https://www.beward.net

Affected Version

2.3.1.34471
2.3.0
2.2.11
2.2.10.5
2.2.9
2.2.8.9
2.2.7.4

Tested On

Microsoft Windows 10 Home (EN)
Microsoft Windows 7 SP1 (EN)

Vendor Status

[28.11.2018] Vulnerability discovered.
[30.11.2018] Vendor contacted.
[30.11.2018] Received automated confirmation of message receipt and assigned Ticket ID: NCG-690-71011.
[26.01.2019] No response from the vendor.
[27.01.2019] Public security advisory released.

PoC

beward_creds.py

Credits

Vulnerability discovered by Gjoko Krstic

References

[1] https://www.beward.net/product/5411
[2] https://packetstormsecurity.com/files/151345
[3] https://cxsecurity.com/issue/WLB-2019010265
[4] https://www.exploit-db.com/exploits/46267
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/156274

Changelog

[27.01.2019] - Initial release
[29.01.2019] - Added reference [2], [3] and [4]
[31.01.2019] - Added reference [5]
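
An inventory check for the exposure described in this advisory, added here as an example; it is not part of the original advisory or its PoC. It looks for copies of BEWARD.INTERCOM.FDB and reports which broad local groups can read each one. The search roots are assumptions, since the advisory does not state where the file is stored.

```powershell
# Added example (not from the advisory): find copies of the database file
# named in the advisory and report which broad groups can read each one.
$FileName = 'BEWARD.INTERCOM.FDB'   # file name taken from the advisory

# Assumed search roots; the advisory does not give the storage location.
$Roots = @($env:ProgramData, $env:ProgramFiles, ${env:ProgramFiles(x86)},
           "$env:SystemDrive\Users") |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Well-known SIDs of groups that cover every local or interactive account.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
$ReadMask = [System.Security.AccessControl.FileSystemRights]::ReadData
$SidType  = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Filter $FileName -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # Skip files whose ACL cannot be read with the current rights.
        try { $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop }
        catch { return }

        # Collect Allow entries that give a broad group read access.
        $broad = foreach ($rule in $acl.GetAccessRules($true, $true, $SidType)) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and
                $BroadSids.ContainsKey($sid) -and
                ($rule.FileSystemRights -band $ReadMask)) {
                $BroadSids[$sid]
            }
        }
        [pscustomobject]@{
            Path          = $file.FullName
            Owner         = $acl.Owner
            LastWriteTime = $file.LastWriteTime
            SizeBytes     = $file.Length
            BroadReaders  = ($broad | Sort-Object -Unique) -join ', '
        }
    }
}

if ($findings) { $findings | Sort-Object Path | Format-List }
else { Write-Output "No copy of $FileName found under: $($Roots -join ', ')" }
```

A non-empty BroadReaders value means other local accounts can read the file as well. Tightening the ACL limits that cross-account exposure only, because the advisory's scenario is an attacker already inside the owning user's session.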