Skip to content

CVE-2023-50488

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

CVE-2023-50488

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
factorytest
factorytest
 
 
README.md
README.md
 
 
gen_auth_file.sh
gen_auth_file.sh
 
 

README.md

PoC exploit for Blurams Lumi Security Camera (A31C) version up to 23.0406.435.4120 (CVE-2023-50488).

For details see: https://infosec.rm-it.de/2024/02/01/blurams-lumi-security-camera-analysis/

Run gen_auth_file.sh to generate the file auth.ini, adjust VERSION variable if needed.
Copy the auth.ini file to an SD-card into a folder named /factorytest/.
Create a shell script with any payload you want to execute, place it also in /factorytest/ folder, name it factorytest.sh.
Insert the SD-card into the camera device and reboot it. The /factorytest/factorytest.sh script will be executed with root privileges on the device.

See example files in /factorytest/ in this repository.
The payload will create a new UID 0 account with the name toor without a password, and the telnetd service will be started.
The new toor account can then be used to connect via telnet to the device.
Note that executing the factorytest script will not fully start all services on the device (e.g. the main camera binary will not be started).