Vulnerability & Exploit Database

Back to search

Axis Network Camera .srv to parhand RCE

This module exploits an auth bypass in .srv functionality and a command injection in parhand to execute code as the root user.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/linux/http/axis_srv_parhand_rce

Authors

  • Or Peles
  • wvu <wvu [at] metasploit.com>
  • sinn3r <sinn3r [at] metasploit.com>
  • Brent Cook
  • Jacob Robles
  • Matthew Kienow
  • Shelby Pace
  • Chris Lee
  • Cale Black

References

Targets

  • Unix In-Memory
  • Linux Dropper

Platforms

  • unix
  • linux

Architectures

  • cmd
  • armle
  • cmd
  • armle

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/axis_srv_parhand_rce msf exploit(axis_srv_parhand_rce) > show targets ...targets... msf exploit(axis_srv_parhand_rce) > set TARGET <target-id> msf exploit(axis_srv_parhand_rce) > show options ...show and set options... msf exploit(axis_srv_parhand_rce) > exploit