Executive Summary

This vulnerability affects the Trivision NC-227WF device running firmware 5.80. It arises because the device's web authentication improperly accepts HTTP Basic authentication credentials instead of enforcing HTTP Digest authentication. This allows attackers to bypass authentication and access the web interface and camera streams. Additionally, the device returns different error messages for invalid usernames ('Unknown user') versus incorrect passwords ('Wrong password'), enabling attackers to enumerate valid usernames. [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to unauthorized access to the device's web interface and camera streams. Attackers can enumerate valid usernames, facilitating targeted brute force or credential stuffing attacks. This exposure can compromise device security and privacy by revealing sensitive configuration endpoints and embedded stream credentials. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the device's web interface using HTTP Basic authentication on endpoints protected by Digest authentication. For example, using the curl command: curl -u admin:admin http://<device_ip>:20080/en/player/flash_vga.asp. If the device returns the full web interface HTML without triggering a Digest challenge, it indicates the vulnerability. Additionally, observing different login error messages such as "Unknown user" versus "Wrong password" during login attempts can confirm username enumeration. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include enforcing Digest authentication exclusively and rejecting Basic authentication on Digest-protected endpoints, normalizing login error messages to prevent username validity disclosure, rotating any exposed credentials, auditing logs for suspicious activity, restricting management interface access by IP address, and placing the device behind an authenticated gateway. [1]

Useful 0 Not Useful 0