CVE-2022-30620
📋 TL;DR
This vulnerability allows attackers with web access to Cellinx cameras to elevate privileges from guest (1) to administrator (0) by manipulating cookie values. Attackers can gain administrative control over camera configurations. This affects Cellinx cameras with guest access enabled.
💻 Affected Systems
- Cellinx Camera
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete camera compromise allowing configuration changes, firmware modification, disabling security features, and potential use as network pivot point.
Likely Case
Unauthorized administrative access leading to camera configuration changes, surveillance disruption, or credential harvesting.
If Mitigated
Limited impact with proper network segmentation and access controls preventing external access to camera web interfaces.
🎯 Exploit Status
Exploitation requires web access to camera interface but is simple cookie manipulation. No authentication bypass needed if guest access is enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: https://www.gov.il/en/departments/faq/cve_advisories
Restart Required: No
Instructions:
Check vendor advisory for firmware updates. If no patch available, implement workarounds immediately.
🔧 Temporary Workarounds
Disable Guest Access
allDisable guest user functionality on Cellinx cameras to prevent exploitation.
Access camera web interface > Security settings > Disable guest user account
Network Segmentation
allIsolate cameras on separate VLAN with restricted access to management interfaces.
Configure firewall rules to block external access to camera web ports (typically 80/443)
🧯 If You Can't Patch
- Disable guest access on all cameras immediately
- Implement strict network access controls to camera management interfaces
- Monitor for unauthorized configuration changes
🔍 How to Verify
Check if Vulnerable:
Check if guest access is enabled on camera web interface and test cookie manipulation of is_admin/showConfig values.Check Version:
Check firmware version in camera web interface under System InformationVerify Fix Applied:
Verify guest access is disabled and cookie manipulation no longer grants administrative privileges.📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful admin access
- Configuration changes from non-admin IP addresses
- Cookie manipulation attempts in web logs
Network Indicators:
- Unusual HTTP requests to camera web interface with modified cookie values
- Traffic to camera management ports from unauthorized sources
SIEM Query:
source="camera_web_logs" AND (cookie="is_admin=0" OR cookie="showConfig=0") AND user_agent!="admin_browser"