Home > Articles > Security > Network Security

  • Print
  • + Share This

Filesystem DoS

Finally, we found a rather interesting bug in one of the scripts of the camera. What this script is actually responsible for, we aren't really sure, but its existence got our attention because there are other AXIS vulnerabilities in this file in other cameras. During our fuzzy efforts, we found that the camera would reboot after making the following request more than 129 times. Once we made that final request, the camera would reboot.

http://192.168.1.101/axis-cgi/buffer/command.cgi?do=start&buffername=<unique buffer name>

To do this, we used Crowbar, a HTTP fuzzing tool by SensePost (Figure 2).

Figure 2

Figure 2 Crowbar DoS'ing the camera.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.