Teradek VidiU Pro 3.0.3 SSRF Vulnerability

Title: Teradek VidiU Pro 3.0.3 SSRF Vulnerability
Advisory ID: ZSL-2018-5461
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, System Access
Risk: 4/5
Release Date: 21.05.2018

Summary:
The Teradek VidiU allows you to broadcast live high definition video directly to the Web without a PC. The application offers API level integration with Ustream, YouTube Live and Livestream platforms, making streaming as easy as logging into your account.

Description:
A server-side request forgery (SSRF) vulnerability exists in the VidiU management interface within the RTMP settings and Wowza server mode functionality. An attacker can bypass firewalls and initiate service and network enumeration on the internal network through the affected application.

Vendor: Teradek, LLC - https://www.teradek.com

Affected Version:
VidiU, VidiU Mini, VidiU Pro
3.0.3 (build 32136)
3.0.2 (build 31225)
2.4.10

Tested On:
lighttpd/1.4.48
lighttpd/1.4.31

Vendor Status:
02.03.2018: Vulnerability discovered.
08.05.2018: Vendor contacted.
08.05.2018: Vendor replied asking more details.
08.05.2018: Sent details to the vendor.
10.05.2018: Asked vendor for status update.
13.05.2018: No response from the vendor.
14.05.2018: Asked vendor for status update.
20.05.2018: No response from the vendor.
21.05.2018: Public security advisory released.

PoC:
teradek_vidiu_ssrf.txt

Credits:
Vulnerability discovered by Gjoko Krstic - gjoko@zeroscience.mk

References:
1. https://www.exploit-db.com/exploits/44672/
2. https://exchange.xforce.ibmcloud.com/vulnerabilities/143653
3. https://packetstormsecurity.com/files/147725
4. https://cxsecurity.com/issue/WLB-2018050170

Changelog:
21.05.2018: Initial release
29.05.2018: Added references

Contact:
Zero Science Lab
http://www.zeroscience.mk
lab@zeroscience.mk
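The root cause described above is that a host and port the operator types into the RTMP / Wowza settings are contacted by the encoder itself, so the field becomes a way to reach the device's own network. The following is an added example, not Teradek's code or the advisory's PoC: an egress check a firmware could apply to that setting before connecting. The scheme and port policy, the `check_rtmp_target` name and the `CONSTRUCTED_DNS` records are assumptions made for the example.

```python
"""Egress check for an operator-supplied RTMP / Wowza push target.
Added example, not Teradek's code: the validation that closes the SSRF
class in the advisory, where a host:port typed into RTMP settings is
contacted by the encoder itself and can therefore be aimed at the LAN."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"rtmp", "rtmps"}
ALLOWED_PORTS = {1935}  # assumed policy: standard RTMP port only
CONSTRUCTED_DNS = {  # constructed records that stand in for DNS when testing offline
    "cdn.example": ["8.8.8.8"],
    "rebind.example": ["8.8.8.8", "192.168.1.20"],  # mixed public/internal answers
}

def stub_resolve(host):
    """Offline resolver over CONSTRUCTED_DNS; same contract as dns_resolve."""
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror("constructed: no such host %r" % host)
    return CONSTRUCTED_DNS[host]

def dns_resolve(host):
    """Real resolver: every A/AAAA answer for host (used outside tests)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_rtmp_target(url, resolve=dns_resolve):
    """Return (ok, reason); ok is False if the target could reach a non-public address."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False, "scheme or host not allowed"
    try:
        port = parts.port if parts.port is not None else 1935
    except ValueError:
        return False, "malformed port"
    if port not in ALLOWED_PORTS:
        return False, "port %d not allowed" % port
    try:  # literal IPs are judged directly; names are resolved and every answer judged
        addrs = [ipaddress.ip_address(parts.hostname)]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
        except (socket.gaierror, ValueError) as exc:
            return False, "unresolvable host: %s" % exc
    for addr in addrs:  # rejects loopback, RFC 1918, link-local (169.254/16), reserved
        if not addr.is_global:
            return False, "%s maps to non-public address %s" % (parts.hostname, addr)
    return True, "ok"
```

Checking every resolved address, not just literal IPs, matters because a name with one public and one internal record would otherwise pass; the check should also be repeated at connect time, since a DNS answer can change between validation and use.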