| Title | APEMAN IP CAMERA Model ID71 sysversion: 218.53.203.117 Hard-coded Credentials |
|---|
| Description | The APEMAN IP Camera Model ID71 contains hard-coded credentials that allow unauthorized administrative and root access.
Affected firmware:
- Sysversion: x.x.x.x
- oem_version: YRDS
- APP_VERSION_C23S
Evidence of hard-coded credentials:
- /system/www/system.ini and /system/param/login.cgi expose a static web admin account:
  - username: admin
  - password: HYHjp261427
- /tmp/system/param/passwd contains a root shell account:
  - username: vstarcam2017
  - password: 20170912 (default root password)
Because these credentials are embedded and not user-modifiable, any attacker with network access can trivially authenticate to the device. This grants full administrative privileges and shell access, exposing video feeds, device configuration, and potentially the local network.
Impact:
- Full compromise of confidentiality (video/audio streams).
- Integrity loss (device settings can be changed).
- Availability risks (device takeover, participation in botnets).
Vendor status:
The vendor APEMAN no longer sells this camera model. It appears to have been discontinued or rebranded (OEM channel: YRDS). Attempts to contact the vendor were unsuccessful. |
|---|
| User | juliourena (UID 90207) |
|---|
| Submission | 14/09/2025 20h14 (7 months ago) |
|---|
| Moderation | 27/09/2025 20h09 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 326209 [Apeman ID71 218.53.203.117 /system/www/system.ini weak authentication] |
|---|
| Points | 17 |
|---|