[Suggested description]
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.
A local attacker with the "default" account is capable of reading the
/etc/passwd file, which contains a weakly hashed root password.
By taking this hash and cracking it, the attacker
can obtain root rights on the device.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Sannce
------------------------------------------
[Affected Product Code Base]
Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
------------------------------------------
[Affected Component]
Root user through file /etc/passwd
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Attack Vectors]
To exploit the vulnerability, someone must be able to get local
presence on the device. e.g. through command injection or by using the
telnet interface as a low-privileged user.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
------------------------------------------
[Reference]
https://www.sannce.com
Use CVE-2019-20466.