Hacking into security cameras | CVE-2020-25078

Finding open security or public cameras on internet is an easy task, by using google dorks.

Below are some google dorks to find public cameras

• inurl:currenttime inurl:top.htm

• inurl:/view.shtml

• inurl:"lvappl.htm"

• inurl:”CgiStart?page=”

• inurl:/view.shtml

• intitle:”Live View/ — AXIS”

• inurl:iview/view.shtml

• inurl:ViewerFrame?M0de=

• inurl:ViewerFrame?M0de=Refresh

• inurl:axis-cgi/jpg

• inurl:"view.shtml" "camera"

• inurl:"MultiCameraFrame?Mode=Motion"

• inurl:/live.htm intext:"M-JPEG"|"System Log"|"Camera-1"|"View Control"

• intitle:"IP CAMERA Viewer" intext:"setting | Client setting"

Some public cameras using google dorks

CVE-2020-25078 Detail

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.