Author: Knownsec 404 ZoomEye Team
Time: 2018/07/16
Chinese version: https://paper.seebug.org/653
1. Event Summary
Shenzhen NEO Coolcam electronics co. LTD is a new high-tech company that integrates the R&D, production, and marketing of network digital products. It’s the pioneer in the field of Webcam in China. The company set up a domestic Camera R&D Center in 2004 and obtained many national patents. The products were authorized via the national quality supervision department and the international standard certification like CE and FCC.
As early as August 02, 2017, the security researcher of Bitdefender companies had pointed out that there are multiple buffer overflow vulnerabilities in devices such as NIP-22 and Wi-Fi iDoorbell. Thousands of related devices that leaked on the public network are threatened with potential security threats. The researchers also provided relevant reports. Around September 2017, we noticed the latest firmware released on the NEO Coolcam’s official English website, which fixed the overflow vulnerabilities.
On July 10, 2018, we used ZoomEye Cyberspace Search Engine to locate related devices and found 650,000 IP history records in the later risk assessment of IOT devices which are susceptible to this vulnerability. China has the largest number of devices with the vulnerability, about 167,000. In addition, we have the following findings:
-
During the year between the release of the official updated version for the firmware by Coolcam and the publication of this article, most of the devices still didn’t install the updated firmware. There are following reasons: 1. The target device itself doesn’t have an automatic upgrade mechanism. 2. Ordinary users could not realize the existence of vulnerabilities, thus manually update firmware.3. The updated firmware was only published on the official English website. 4. The equipment produced by other OEM manufacturers also had the same vulnerabilities.
-
In the process of target equipment firmware audit, we have found the bypass login vulnerability, which will be presented in the following sections.
This means that a large number of target devices are at risk. The 404 Security Team has made an in-depth study of a series of buffer overflow vulnerabilities in NEO Coolcam’s NIP-22FX cameras and executed remote code successfully from the buffer overflow, which confirmed that the vulnerability has the potential risk of being exploited by black products. Bypass login vulnerability has been found in the process of an audit at the same time, which is also a serious threat to user privacy.
2. Vulnerability analysis
2.1 Target equipment information
Device version: Neo Coolcam IPCam NIP-22FX
Vulnerability binary file: MD5 (ipc_server) = 312d924344364620d85099ed279a5f03
Firmware version: V7.7.4.1.1-20160701
The main program for web service and RTSP service is the ipc_server file, and the target system is an ARM, 32-bit small end architecture.
转载请注明:IAMCOOL » ZoomEye Data Analysis Report – NEO Coolcam's Webcam Vulnerabilities