SIK-2016-046


Title:

CSRF Vulnerability in Gigaset Smarthome Camera Configuration Interface

Report ID

SIK-2016-046

Summary:

  • Vendor: Gigaset elements GmbH
  • Product: Gigaset Smarthome Camera
  • Affected Version: Firmware 1.10 (build 20140802)
  • Severity: medium
  • Short summary: Cross-Site-Request-Forgery (CSRF) vulnerability in camera configuration interface

Details:

The web configuration interface of the camera has no CSRF protection. Security-related settings are changed by plain GET requests whose parameters are carried in the URL, so an attacker can preset them in the form of a link. An example link that activates the UPnP function and port forwarding of the camera looks like:

http://admin:TFVDS09UVkY3NkIwMEEwOEYyQzdZQ0FNVkY%3D@<IP_cam>/form/upnpApply?UPNPD=enable&HTTPPORTFWD=enable&EXTPORT1=8150&EXTPORT2=8350&RTPPORTFWD=enable

Because the request is a GET without any anti-CSRF token, an attacker can hide the desired settings in an obfuscated link and send it to a victim; the victim's browser issues the request and the camera applies the modifications as soon as the link is opened. The example link above embeds the administrator credentials in the userinfo part of the URL; an attacker who does not know them can still rely on the victim's browser resending HTTP Basic credentials it has cached for the camera.

Workaround

In general, it is hard to define effective workarounds that guarantee the protection of the system. The forged request is issued by the victim's browser, so the victim's browser (not necessarily the attacker) must be able to reach the camera's interface, typically from inside the local network; a secure network infrastructure is therefore important. Suspicious links that point at the IP address of the camera should be double-checked before they are opened.

Suggested Mitigation

CSRF prevention should be integrated into the camera's web server: state-changing actions should only be accepted via POST and should require an unpredictable, session-bound anti-CSRF token (see the OWASP CSRF Prevention Cheat Sheet).
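The following is an added example, not code from Gigaset or from the original advisory, that contrasts the vulnerable shape of the form handler (any GET carrying the right parameters is honoured) with a hardened handler implementing the mitigation above: state changes only via POST, an Origin/Referer check against the camera host, and a synchronizer token bound to the session and compared in constant time. The camera address 192.168.1.20, the session cookie name, the form field name csrf_token and the request/session objects are assumptions for the example; the forged request is rebuilt from the link in the Details section.

```python
"""CSRF check for a state-changing form handler (synchronizer-token pattern).

Added example: models the camera's /form/upnpApply endpoint, not vendor code.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

CAMERA_HOST = "192.168.1.20"                  # assumed camera address (constructed)
STATE_CHANGING_PATHS = {"/form/upnpApply"}    # endpoint named in the advisory

# The link from the advisory with the placeholder <IP_cam> filled in (constructed).
ADVISORY_LINK = (
    "http://admin:TFVDS09UVkY3NkIwMEEwOEYyQzdZQ0FNVkY%3D@" + CAMERA_HOST +
    "/form/upnpApply?UPNPD=enable&HTTPPORTFWD=enable"
    "&EXTPORT1=8150&EXTPORT2=8350&RTPPORTFWD=enable"
)


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as seen by the camera's web server."""
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)   # POST body fields


class SessionStore:
    """Maps session ids to the anti-CSRF token issued for that session."""

    def __init__(self):
        self._tokens = {}

    def new_session(self):
        sid = secrets.token_urlsafe(16)
        self._tokens[sid] = secrets.token_urlsafe(32)   # unpredictable, per session
        return sid

    def token_for(self, sid):
        return self._tokens.get(sid)


def forged_request(referer="http://attacker.example/page"):
    """What the victim's browser sends when it follows the attacker's link (constructed)."""
    return Request("GET", ADVISORY_LINK, headers={"Referer": referer})


def handle_upnp_apply_unprotected(req, settings):
    """Vulnerable shape of the handler: parameters in any GET are applied unchecked."""
    for key, values in parse_qs(urlsplit(req.url).query).items():
        settings[key] = values[0]
    return True, "applied"


def check_csrf(req, sessions):
    """Return (ok, reason). Rejects anything that is not a same-origin, token-bearing POST."""
    if urlsplit(req.url).path not in STATE_CHANGING_PATHS:
        return True, "not a state-changing endpoint"
    if req.method != "POST":
        return False, "state change via GET rejected"
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if origin is None:
        return False, "missing Origin/Referer"
    if urlsplit(origin).hostname != CAMERA_HOST:
        return False, f"cross-origin request from {origin}"
    expected = sessions.token_for(req.cookies.get("session"))
    supplied = req.form.get("csrf_token")
    if expected is None or supplied is None or not hmac.compare_digest(
        expected.encode(), supplied.encode()
    ):
        return False, "CSRF token missing or invalid"
    return True, "ok"


def handle_upnp_apply(req, sessions, settings):
    """Hardened handler: only applies settings once check_csrf has passed."""
    ok, reason = check_csrf(req, sessions)
    if not ok:
        return False, reason
    for key, value in req.form.items():
        if key != "csrf_token":
            settings[key] = value
    return True, "applied"


if __name__ == "__main__":
    sessions = SessionStore()
    print("unprotected:", handle_upnp_apply_unprotected(forged_request(), {}))
    print("hardened:   ", handle_upnp_apply(forged_request(), sessions, {}))
```

The order of the checks matters: the method check alone defeats the link-based attack in the advisory, the Origin/Referer check stops cross-site POSTs from attacker pages, and the session-bound token covers the cases where those headers are absent or stripped. Because the token is compared with hmac.compare_digest, a token guess cannot be refined through timing differences.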

Timeline

  • 2016-07-27 Vulnerability Discovered
  • 2016-08-15 Vulnerability Reported
  • 2016-09-14 Vulnerability Fixed