Blog Axis Camera APP takeover

Aktuellesr-tec Blog | Axis Camera APP takeoverOctober 2024 Author: Fabian Mosch, @ShitSecureIntroductionIn 2018, Tenable published a blog post on how to get Remote Code Execution (RCE) on an Axis IP Camera with administrative credentials for the web application. By uploading a malicious APP file with the EAP extension, it's possible to execute code on the operating system level for persistence or data exfiltration.r-tec recently analysed an Axis IP Camera of the model F9111 in a penetration test for one of our customers. We already had administrative credentials for the web interface of the camera, but the published exploit failed to takeover the operating system. This blog post describes our analysis steps and how we still took over the operating system via a slightly different way. 1. Initial PoC failure and analysis2. The alternative1. Initial PoC failure and analysisAccording to the initial publication, the EAP APP files which can be installed on a camera with administrative privil...