| 제목 | APEMAN IP CAMERA Model ID71 sysversion: 218.53.203.117 Hard-coded Credentials |
|---|
| 설명 | The APEMAN IP Camera Model ID71 contains hard-coded credentials that allow unauthorized administrative and root access.
Affected firmware:
- Sysversion: x.x.x.x
- oem_version: YRDS
- APP_VERSION_C23S
Evidence of hard-coded credentials:
- /system/www/system.ini and /system/param/login.cgi expose a static web admin account:
- username: admin
- password: HYHjp261427
/tmp/system/param/passwd contains a root shell account:
- username: vstarcam2017
- password: 20170912 (default root password)
Because these credentials are embedded and not user-modifiable, any attacker with network access can trivially authenticate to the device. This grants full administrative privileges and shell access, exposing video feeds, device configuration, and potentially the local network.
Impact:
- Full compromise of confidentiality (video/audio streams).
- Integrity loss (device settings can be changed).
- Availability risks (device takeover, participation in botnets).
Vendor status:
The vendor APEMAN no longer sells this camera model. It appears to have been discontinued or rebranded (OEM channel: YRDS). Attempts to contact the vendor were unsuccessful. |
|---|
| 사용자 | juliourena (UID 90207) |
|---|
| 제출 | 2025. 09. 14. PM 08:14 (7 개월 ago) |
|---|
| 모더레이션 | 2025. 09. 27. PM 08:09 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 326209 [Apeman ID71 218.53.203.117 /system/www/system.ini 약한 인증] |
|---|
| 포인트들 | 17 |
|---|