CVE ID | CVE-2024-5631 |
Publication date | 09 July 2024 |
Vendor | Longse Technology |
Product | NVR3608PGE2W |
Vulnerable versions | All |
Vulnerability type (CWE) | Cleartext Transmission of Sensitive Information (CWE-319) |
Report source | Report to CERT Polska |
CVE ID | CVE-2024-5632 |
Publication date | 09 July 2024 |
Vendor | Longse Technology |
Product | NVR3608PGE2W |
Vulnerable versions | All |
Vulnerability type (CWE) | Use of Default Credentials (CWE-1392) |
Report source | Report to CERT Polska |
CVE ID | CVE-2024-5633 |
Publication date | 09 July 2024 |
Vendor | Longse Technology |
Product | LBH30FE200W |
Vulnerable versions | All |
Vulnerability type (CWE) | Hidden Functionality (CWE-912) |
Report source | Report to CERT Polska |
CVE ID | CVE-2024-5634 |
Publication date | 09 July 2024 |
Vendor | Longse Technology |
Product | LBH30FE200W |
Vulnerable versions | All |
Vulnerability type (CWE) | Use of Weak Credentials (CWE-1391) |
Report source | Report to CERT Polska |
Description
CERT Polska has received a report about vulnerabilities in Longse Technology LBH30FE200W NVR (Network Video Recorder) and LBH30FE200W camera firmware and participated in coordination of their disclosure.
The vulnerability CVE-2024-5631 in a firmware of Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream. The credentials are being sent when a user decides to change his password in router's portal.
The vulnerability CVE-2024-5632 in a firmware of Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged.
The vulnerability CVE-2024-5633 in a firmware of Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports. An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.
The vulnerability CVE-2024-5634 in a firmware of Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy. Additionally, every camera with the same firmware version shares the same password.
Both products has met end-of-life phase and according to the vendor they will not receive any patches addressing the vulnerabilities. Other devices based upon these ones such as Zamel ZMB-01/ZMB-01C remain vulnerable as well.
Credits
We thank Adam Zambrzycki for the responsible vulnerability report.
More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.