CVE-2021-40380

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to retrieve camera credentials by accessing specific CGI scripts (cameralist.cgi and setcamera.cgi) on affected Compro IP camera devices. This affects Compro IP70, IP570, IP60, and TN540 models running vulnerable firmware versions, potentially exposing camera credentials to anyone who can reach the device's web interface.

💻 Affected Systems

Products:
  • Compro IP70
  • Compro IP570
  • Compro IP60
  • Compro TN540
Versions: IP70: 2.08_7130218, IP570: 2.08_7130520, IP60 and TN540: unspecified vulnerable versions
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations appear vulnerable as the CGI scripts are accessible without authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to cameras, enabling them to view live feeds, modify settings, disable cameras, or use credentials to pivot to other network systems.

🟠 Likely Case

Unauthorized users access camera feeds and configuration settings, compromising privacy and potentially using credentials for further attacks.

🟢 If Mitigated

If cameras are isolated on separate VLANs with strict firewall rules, impact is limited to camera access only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP GET requests to specific URLs. Public proof-of-concept code exists in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not found in provided references

Restart Required: No

Instructions:

No official patch identified. Check vendor website for firmware updates addressing CVE-2021-40380.

🔧 Temporary Workarounds

Block CGI Script Access

linux

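Configure the web server or a firewall to block access to the cameralist.cgi and setcamera.cgi scripts:

# INPUT only filters traffic addressed to the host running iptables; on a router or
# firewall that forwards traffic to the camera, add the same rules to the FORWARD chain.
iptables -A INPUT -p tcp --dport 80 -m string --string "cameralist.cgi" --algo bm -j DROP
iptables -A INPUT -p tcp --dport 80 -m string --string "setcamera.cgi" --algo bm -j DROP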

Network Segmentation

all

Isolate cameras on a separate VLAN with strict firewall rules limiting access to management interfaces.

🧯 If You Can't Patch

  • Remove cameras from internet-facing networks immediately
  • Implement strict network access controls allowing only authorized management stations to access camera web interfaces

🔍 How to Verify

Check if Vulnerable:

Access http://[camera-ip]/cameralist.cgi and http://[camera-ip]/setcamera.cgi. If they return credential information without authentication, the device is vulnerable.

Check Version:

Check firmware version via camera web interface or vendor-specific CLI commands

Verify Fix Applied:

Attempt to access the CGI scripts after implementing workarounds - they should return error messages or be inaccessible.

📡 Detection & Monitoring

Log Indicators:

  • HTTP GET requests to /cameralist.cgi or /setcamera.cgi from unauthorized IP addresses
  • Multiple failed authentication attempts followed by CGI script access

Network Indicators:

  • Unusual HTTP traffic patterns to camera CGI scripts
  • Credential data in HTTP responses

SIEM Query:

source="camera_logs" AND (uri="/cameralist.cgi" OR uri="/setcamera.cgi") AND src_ip NOT IN [authorized_management_ips]
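
The log indicator and SIEM query above, written out as an added Python example (not part of the original advisory) for sites without a SIEM. It assumes Common Log Format access logs from a reverse proxy or gateway in front of the cameras; the AUTHORIZED_MGMT range and all sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: management stations allowed to reach the camera web interface.
AUTHORIZED_MGMT = [ipaddress.ip_network("10.20.0.0/28")]
# CGI scripts named in CVE-2021-40380.
WATCHED = {"cameralist.cgi", "setcamera.cgi"}
# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

def is_authorized(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # hostname or garbage in the client field
        return False
    return any(addr in net for net in AUTHORIZED_MGMT)

def watched_script(target):
    """Return the watched script name if the request path ends in one, else None."""
    # Drop the query string, decode percent-escapes, ignore case and extra slashes.
    path = unquote(target.split("?", 1)[0]).lower()
    name = path.rsplit("/", 1)[-1]
    return name if name in WATCHED else None

def find_hits(lines):
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        ip, ts, method, target, status, size = m.groups()
        script = watched_script(target)
        if script and not is_authorized(ip):
            # "served" = 200 with a body, i.e. the script answered the request
            served = status == "200" and size not in ("-", "0")
            hits.append({"src_ip": ip, "time": ts, "script": script,
                         "status": int(status), "served": served})
    return hits

SAMPLE = [  # constructed log lines (documentation address ranges)
    '10.20.0.5 - - [12/Mar/2024:09:14:02 +0000] "GET /cameralist.cgi HTTP/1.1" 200 412',
    '192.0.2.44 - - [12/Mar/2024:09:15:40 +0000] "GET /cameralist.cgi HTTP/1.1" 200 412',
    '192.0.2.44 - - [12/Mar/2024:09:15:41 +0000] "GET /setcamera.cgi?_=1 HTTP/1.1" 403 0',
    '198.51.100.7 - - [12/Mar/2024:09:16:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

A hit with "served" set to true means the script returned content to an unauthorized source, so the camera's credentials should be treated as exposed and rotated.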
