The Ovislink Airlive WL-5460CAM has a security hole which allows you to access the built-in Linux system and to read and modify
configuration files.
How?
-Open the web interface of the webcam.
-Choose configuration.
-Store/backup your configuration into a file.
-Open this file with a text editor.
-Search for the section containing the /sbin/ifconfig …. line; this section is the backup of your /etc/rc.d/rc.sysinit.
-Everything you write into this section will be executed on startup (but be careful that it does not block/hang).
-For example: add a new line “ls -l /etc >> /etc/hosts”; this will list all files in /etc and append the result to /etc/hosts.
-Now restore your modified configuration file and reboot the webcam.
Why print to /etc/hosts?
Because it is the next section in your backup configuration: after the reboot you can read the result in a new configuration backup.
Try it out! If your webcam doesn’t start anymore, you can reset it to the factory defaults.
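A check to run before restoring a backup file, or on a fresh backup pulled from a camera, as an added example that is not part of the original post: it compares the file against a known-good backup and reports every new or changed line, because any line that lands in the rc.sysinit section is executed at startup. The function name added_lines and the sample backup contents are constructed for illustration; the real layout of the backup file is not shown on this page.

```python
import difflib


def added_lines(baseline: str, candidate: str):
    """Return (line_no, text, preceding_unchanged_line) for each line that is
    new or changed in `candidate` compared with the trusted `baseline`."""
    # splitlines() drops the line terminators, so a backup saved with CRLF
    # on one machine and LF on another does not show up as a difference.
    base = baseline.splitlines()
    cand = candidate.splitlines()
    matcher = difflib.SequenceMatcher(a=base, b=cand, autojunk=False)
    findings = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            # The line just before a changed block is always unchanged; it
            # tells the reviewer which part of the backup the change sits in.
            context = cand[j1 - 1] if j1 > 0 else ""
            for j in range(j1, j2):
                findings.append((j + 1, cand[j], context))
    return findings


# Constructed sample data: a trusted backup and a backup that gained the
# extra startup line used as the example in the post.
BASELINE = (
    "/sbin/ifconfig lo 127.0.0.1\n"
    "/usr/sbin/chkbutton &\n"
    "127.0.0.1 localhost\n"
)
CANDIDATE = (
    "/sbin/ifconfig lo 127.0.0.1\r\n"
    "/usr/sbin/chkbutton &\r\n"
    "ls -l /etc >> /etc/hosts\r\n"
    "127.0.0.1 localhost\r\n"
)

if __name__ == "__main__":
    for line_no, text, context in added_lines(BASELINE, CANDIDATE):
        print(f"line {line_no}: {text!r} (after {context!r})")
```

An empty result means the candidate contains no line that is absent from the trusted backup; any reported line should be reviewed before the file is restored.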
With some effort it should also be possible to install a telnet or ssh binary to get remote access.
Please keep me informed if you manage to get remote access.
Here is the process list of my webcam:
  PID  Uid     VmSize Stat Command
    1 root        316 S    init
    2 root            SW   [keventd]
    3 root            SWN  [ksoftirqd_CPU0]
    4 root            SW   [kswapd]
    5 root            SW   [bdflush]
    6 root            SW   [kupdated]
    8 root            SW   [mtdblockd]
    9 root            SW   [ftld]
   10 root            SW   [khubd]
   13 root        312 S    init
   14 root        396 S    /bin/sh /etc/rc.d/rc.sysinit
   36 root            SW<  [loop0]
  156 root        208 S    /usr/sbin/chkbutton
  158 root        220 S    /bin/op_server 0 0 0
  183 root        584 D    go-server
  184 root        416 S    ipv_server
  186 root        388 S    /bin/sh /etc/rc.d/rc.init.sh
  188 root        416 S    ipv_server
  189 root        416 S    ipv_server
  196 root        288 R    /bin/ps x
Hi, Mathias,
I have just published information about how to get the WL-5460CAM back to life in case of a foul firmware upgrade (which is all too likely, as the watchdog timer sometimes causes the system to reboot in the middle of a firmware upload). The good thing about that is that there is a serial port on the cam, which can not only be used to reflash the firmware, but actually is a console into the operating system, so that commands like ps, ls, ifconfig, netstat, … can all be given into the live system, not just via the backdoor you provided (which was my first entry into the cam):
http://www.nomissoft.com/files/cam_revival.pdf
The complete source code of the CAM is available via GPL license at the Ovislink website (see my document for the links etc.).
Servus, Simon
Comment by Simon Hradecky — 15 September 2007 @ 14:59