CVE-2017-17761
published 2017-12-19


Priority: P182, critical, 9.8 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW exploit: VulnCheck KEV, exploited in the wild
EPSS: 7.21% (93.5th percentile)
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary, a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, an id command results in an ok response.

Detection & IOCs (extracted from sources)

port: 1300
process: noodles
command: <system>id</system>
path: /app/www/doc/script/login.js
other: super_yg
other: 123
  • Monitor for TCP connections to port 1300 on IP camera devices; traffic containing XML <system> tags is indicative of RCE exploitation of the 'noodles' service.
  • Detect unauthenticated telnet login attempts using the hardcoded password '123' against Ichano AtHome IP camera devices.
  • Detect HTTP login attempts using the hardcoded username 'super_yg' against the web interface of Ichano AtHome IP camera devices; this bypasses normal authentication via client-side logic.
  • Exploitation of the 'noodles' RCE service (port 1300) is limited to LAN-adjacent attackers; external internet-facing exposure would require the device to be directly reachable or behind port-forwarding.
  • No vendor patch or workaround was available at time of disclosure; Ichano did not respond to repeated contact attempts beginning November 21st, 2017.

CVSS provenance

nvd, v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd, v2.0: 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck: 9.8 CRITICAL