> For the complete documentation index, see [llms.txt](https://cdsbz.gitbook.io/untitled/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cdsbz.gitbook.io/untitled/secustion-camera-vulnerability-recurrence.md).

# Secustion Camera Vulnerability Recurrence

Secustion Camera Vulnerability Recurrence

1. First, let's go to the target landing page

![](/files/3R5t6CKUI0zAddPqMOmf)

1. Enter admin password for the account

![](/files/J5oIGPS9yvIlUvnJiRBE)

Then we use burpsuite to capture packets and intercept echoes

![](/files/ohADP7NYzsmtHSBYyxCa)

This is the echo package of the target

Next, we make modifications and release the data package

Change the echo package content to this and release

HTTP/1.0 200 OK

Content-Type:text/html

var check="1";

var authLevel ="255";

The login success prompt appears

![](/files/xXQjgZD9UrlhArFuvHuY)

![](/files/fUNz74m4OXruj4OZvkyZ)

Next, we read the administrator's plaintext password

![](/files/w0EM2PsK289EjUw9t473)

Click this function node and perform packet capture interception echo

![](/files/48UXkjKkcjwiszGeZy3i)

Then we saw the correct plaintext password of the administrator in the echo package

This vulnerability affects known product versions

V2.5.5.3116-S50-SMA-B20171107A,

V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A,

V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A,

V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A,

V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.
