Airlink AIC250W insecure... Totally...
Posted: Mon Feb 02, 2009 12:29 am
Given the ip address and port number to an AIC250/W the system can be completely compromised...
The admin username and password can be passed directly to an intruder in plain text via the devices internal scripts... Via HTTP get requests, with or without access control turned on...
If anyone knows any way that the AIC250 device can be secured using the internal software please advise...
Additionally using "/video.cgi" the mjpeg stream is accessable with or without a password to anyone...
Uh oh...
Ken
The admin username and password can be passed directly to an intruder in plain text via the devices internal scripts... Via HTTP get requests, with or without access control turned on...
If anyone knows any way that the AIC250 device can be secured using the internal software please advise...
Additionally using "/video.cgi" the mjpeg stream is accessable with or without a password to anyone...
Uh oh...
Ken