SIK-2016-046
Title:
CSRF Vulnerability in Gigaset Smarthome Camera Configuration Interface
Report ID:
SIK-2016-046
Summary:
- Vendor: Gigaset elements GmbH
- Product: Gigaset Smarthome Camera
- Affected Version: Firmware 1.10 (build 20140802)
- Severity: medium
- Short summary: Cross-Site Request Forgery (CSRF) vulnerability in the camera configuration interface
Details:
The web configuration interface of the camera has no CSRF protection, and security-related settings are changed through plain HTTP GET requests. This means an attacker can prepare a link that changes these settings when it is opened by a user who can reach the camera. An example link that enables the UPnP function and port forwarding on the camera looks like this:
http://admin:TFVDS09UVkY3NkIwMEEwOEYyQzdZQ0FNVkY%3D@<IP_cam>/form/upnpApply?UPNPD=enable&HTTPPORTFWD=enable&EXTPORT1=8150&EXTPORT2=8350&RTPPORTFWD=enable
The example embeds the HTTP Basic Auth credentials in the URL. Browsers also re-send cached Basic Auth credentials to the same host on later requests, so a user whose browser has already authenticated to the camera would be affected even by a link without them. The CSRF vulnerability therefore allows an attacker to change webcam settings remotely by hiding them in an obfuscated link: the attacker sends the link to a victim, and the modifications are applied as soon as the victim opens it.
Workaround:
In general, it is hard to define effective workarounds that guarantee the protection of the system. The forged request is issued from inside the local network, by the browser of a user who can reach the camera, so a secure network infrastructure is important. Suspicious links containing the IP address of the camera should be double-checked before they are opened.
Suggested Mitigation:
CSRF prevention should be integrated into the web server (see the OWASP Cross-Site Request Forgery Prevention Cheat Sheet): state-changing operations should only be accepted via POST, and every such request must carry an unpredictable, session-bound anti-CSRF token that the server verifies before applying the change.
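The mitigation in working form, as an added example that is not part of this advisory or of the Gigaset firmware: a small Python model of the configuration handler that rejects the forged GET link from the Details section outright, requires a synchronizer token on the POST that applies settings, and accepts only a form that was rendered to the same user. The form endpoint /form/upnp, the user-keyed token store, and the status codes are assumptions for illustration; /form/upnpApply and the parameter names are taken from the advisory's example link.

```python
import hmac
import secrets
from urllib.parse import parse_qs


class CameraConfigServer:
    """In-memory model of a configuration handler with synchronizer-token CSRF protection.

    Added example, not Gigaset code. Assumptions (illustrative, not taken from the
    firmware): the settings form is served at /form/upnp, settings are applied at
    /form/upnpApply, and the Basic Auth user name identifies the session.
    """

    # Endpoints that change camera state.
    STATE_CHANGING = {"/form/upnpApply"}
    # Allowlist of settings the endpoint may change (names from the advisory's link).
    SETTINGS = ("UPNPD", "HTTPPORTFWD", "EXTPORT1", "EXTPORT2", "RTPPORTFWD")

    def __init__(self):
        self.settings = {name: "disable" for name in self.SETTINGS}
        # One outstanding token per authenticated user, issued when the form is rendered.
        self._tokens = {}

    def render_form(self, user):
        """GET /form/upnp: issue an unpredictable token for the rendered form.

        The HTML would embed it as <input type="hidden" name="csrf_token" value=...>.
        The same-origin policy keeps an attacker's page from reading this response,
        so the attacker cannot learn the token.
        """
        token = secrets.token_urlsafe(32)
        self._tokens[user] = token
        return token

    def handle(self, method, target, user, body=""):
        """Process one authenticated request; return an HTTP status code."""
        path, _, _query = target.partition("?")
        if path not in self.STATE_CHANGING:
            return 404
        # 1. State changes are never accepted via GET, so a link alone cannot trigger them.
        if method != "POST":
            return 405
        form = {key: values[0] for key, values in parse_qs(body).items()}
        # 2. The token must match the one issued to this user; compare in constant time.
        expected = self._tokens.get(user)
        supplied = form.pop("csrf_token", "")
        if expected is None or not hmac.compare_digest(expected, supplied):
            return 403
        # 3. Tokens are single-use, so a captured form submission cannot be replayed.
        del self._tokens[user]
        for name in self.SETTINGS:
            if name in form:
                self.settings[name] = form[name]
        return 200


# Constructed query string: the parameters from the advisory's example link.
FORGED_QUERY = "UPNPD=enable&HTTPPORTFWD=enable&EXTPORT1=8150&EXTPORT2=8350&RTPPORTFWD=enable"


def demo():
    """Replay the advisory's forged link against the protected handler, then a legitimate submit."""
    server = CameraConfigServer()
    results = {}
    # The advisory's link: GET with the settings in the query string, Basic Auth attached by the browser.
    results["forged_get"] = server.handle("GET", "/form/upnpApply?" + FORGED_QUERY, "admin")
    results["upnp_after_forged_get"] = server.settings["UPNPD"]
    # A cross-site POST (e.g. from an auto-submitting form) carries no valid token.
    results["forged_post"] = server.handle("POST", "/form/upnpApply", "admin", FORGED_QUERY)
    # The legitimate flow: load the form, then submit it with the issued token.
    token = server.render_form("admin")
    results["legit_post"] = server.handle(
        "POST", "/form/upnpApply", "admin", FORGED_QUERY + "&csrf_token=" + token
    )
    results["upnp_after_legit_post"] = server.settings["UPNPD"]
    # Reusing the consumed token is rejected.
    results["replay"] = server.handle(
        "POST", "/form/upnpApply", "admin", FORGED_QUERY + "&csrf_token=" + token
    )
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With HTTP Basic Auth there is no session cookie to mark SameSite, and the browser attaches the cached credentials to every request to the camera, so the token in the rendered form is the only thing that distinguishes a submission from the victim's own page from one forged by another site. The GET rejection on its own already defeats the plain link from the advisory; the token is what also stops a cross-site form POST.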
Timeline:
- 2016-07-27 Vulnerability Discovered
- 2016-08-15 Vulnerability Reported
- 2016-09-14 Vulnerability Fixed