metasploit-gs/documentation/modules/exploit/linux/http/axis_srv_parhand_rce.md

This module exploits multiple vulnerabilities against Axis Network Cameras, including an authentication bypass in the .srv functionality, as well as a command injection in "parhand", in order to gain arbitrary remote code execution under the context of root.

The exploit currently only supports the following payloads:

• cmd/unix/bind_netcat_gaping
• cmd/unix/reverse_netcat_gaping

Vulnerable Application

The particular firmware (Companion Dome V) tested for this exploit was 6.15.4, web version 16.05.02.

For a list of affected Axis products, please go to the following page: https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf

Verification Steps

1. Start msfconsole
2. Do: exploit/linux/http/axis_srv_parhand_rce
3. Do: set rhosts [IP]
4. Do: show payloads to select a payload (that is not ipv6)
5. Do: set payload [name of payload]
6. Set LHOST if you are using a reverse shell
7. Do: run
8. You should get a session