# Secustion Camera Vulnerability Recurrence Secustion Camera Vulnerability Recurrence 1. First, let's go to the target landing page ![](https://1704365390-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwFCuQuwpIN7ZlaE55hPX%2Fuploads%2Fl0FgD6nw7DEuQN3N2JNX%2F0?alt=media) 1. Enter admin password for the account ![](https://1704365390-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwFCuQuwpIN7ZlaE55hPX%2Fuploads%2FaV3SRcB4pvay0nqMqfRG%2F1?alt=media) Then we use burpsuite to capture packets and intercept echoes ![](https://1704365390-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwFCuQuwpIN7ZlaE55hPX%2Fuploads%2Fz150aL9mY5teJ6Fvi3Va%2F2?alt=media) This is the echo package of the target Next, we make modifications and release the data package Change the echo package content to this and release HTTP/1.0 200 OK Content-Type:text/html var check="1"; var authLevel ="255"; The login success prompt appears ![](https://1704365390-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwFCuQuwpIN7ZlaE55hPX%2Fuploads%2FENskGuNeBME4Gu8UeQs9%2F3?alt=media) ![](https://1704365390-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwFCuQuwpIN7ZlaE55hPX%2Fuploads%2F1pNXhRHXUwffjqBctRyK%2F4?alt=media) Next, we read the administrator's plaintext password ![](https://1704365390-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwFCuQuwpIN7ZlaE55hPX%2Fuploads%2FyrPy32xHHdOwHvSDy65g%2F5?alt=media) Click this function node and perform packet capture interception echo ![](https://1704365390-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwFCuQuwpIN7ZlaE55hPX%2Fuploads%2FNyN5ECnTp2fUeCI22BpA%2F6?alt=media) Then we saw the correct plaintext password of the administrator in the echo package This vulnerability affects known product versions V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.