Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure
Description
A guest user can access the /manage/IPSetup.php page on Ncast systems (2007-2017) to view server settings, leading to information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability exists in Guangzhou Yingke Electronic Technology Ncast high-definition intelligent recording and broadcasting system versions 2007 through 2017 [1]. The issue resides in the /manage/IPSetup.php file, which is accessible through the guest login interface without proper authorization checks [1]. This allows a user logged in as a guest to access administrative server settings, leading to information disclosure.
Exploitation
An attacker can exploit this vulnerability remotely by first logging into the Ncast system using the guest account [1]. After obtaining guest access, the attacker visits the URL ip:port/manage/IPSetup.php [1]. The system does not enforce access controls for this endpoint, allowing the guest user to view the page that should only be accessible to administrators [1]. No special privileges or authentication beyond the guest login are required.
Impact
Successful exploitation leads to unauthorized information disclosure [1]. The attacker can view server configuration settings displayed on the /manage/IPSetup.php page, potentially exposing sensitive data such as network configuration, IP addresses, and other system details. The attack does not allow modification of settings or code execution, but the leaked information could aid further attacks.
Mitigation
As of the publication date, no official patch or fixed version has been released [1]. The vulnerability affects all Ncast versions from 2007 to 2017, and the product may be end-of-life. Administrators should restrict network access to the Ncast system, disable guest login if not required, and implement additional access controls such as a web application firewall or reverse proxy to block unauthorized access to /manage/IPSetup.php. The vendor has not provided a workaround or update.
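As an added example (not part of the advisory or any vendor code), the Python check below scans reverse-proxy access logs for requests that resolve to /manage/IPSetup.php and reports whether each one was served or blocked, so an administrator can confirm the block described above is in effect. It assumes the proxy writes combined log format; the sample lines and the names `normalize` and `scan` are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not from a real system).
SAMPLE_LOG = """\
192.0.2.10 - - [26/May/2026:10:00:01 +0000] "GET /manage/IPSetup.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [26/May/2026:10:00:05 +0000] "GET /manage//ipsetup.php?x=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [26/May/2026:10:01:00 +0000] "GET /manage/%49PSetup.php HTTP/1.1" 403 150 "-" "curl/8.0"
203.0.113.4 - - [26/May/2026:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Compared after lower-casing so a case-insensitive server is also covered.
PROTECTED = "/manage/ipsetup.php"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def normalize(target):
    """Reduce a request target to the path a web server would resolve."""
    path = unquote(target.split("?", 1)[0])            # drop query, decode %XX once
    path = posixpath.normpath("/" + path.lstrip("/"))  # collapse // and dot segments
    return path.lower()


def scan(log_text):
    """Return one record per request that resolves to the protected page."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, when, _method, target, status = m.groups()
        path = normalize(target)
        # Also match /manage/IPSetup.php/extra, which PHP may route to the same script.
        if path == PROTECTED or path.startswith(PROTECTED + "/"):
            hits.append({"client": client, "time": when, "target": target,
                         "status": int(status),
                         "served": status.startswith("2")})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        verdict = "SERVED (block not effective)" if hit["served"] else "blocked"
        print(f'{hit["time"]} {hit["client"]} {hit["target"]} -> {hit["status"]} {verdict}')
```

Any record with `served` set to true after the proxy rule is deployed means the rule is matching the raw URL rather than the normalized path.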
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=2017
- (no CPE) range: 2017
Patches
No patches discovered yet.
References
- github.com/2267787739/cve/blob/main/logic.md (mitre, exploit)
- vuldb.com (mitre, signature, permissions-required)
- vuldb.com (mitre, vdb-entry)