CVE-2017-8225

CRITICAL · EXPLOITED IN THE WILD

Wireless IP Camera (P2P) Firmware - Unauthenticated Credential Exposure via Empty Login Parameters

Exploitation Summary

CVE-2017-8225 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 4 public exploits from researchers including PierreKimSec, K3ysTr0K3R, kienquoc102.

AI-analyzed exploit summary: This exploit targets a command injection vulnerability in the GoAhead web server used in various IP cameras. It bypasses authentication to extract credentials and then executes arbitrary commands via crafted HTTP requests to achieve remote code execution.

Description

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.

Exploits (4)

exploitdb WORKING POC
by PierreKimSec · cremotehardware
https://www.exploit-db.com/exploits/43142

This exploit targets a command injection vulnerability in the GoAhead web server used in various IP cameras. It bypasses authentication to extract credentials and then executes arbitrary commands via crafted HTTP requests to achieve remote code execution.

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GoAhead web server (used in IP cameras)
No auth needed
Prerequisites: Network access to the target device · GoAhead web server running on the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 7 stars
by K3ysTr0K3R · infoleak
https://github.com/K3ysTr0K3R/CVE-2017-8225-EXPLOIT

This PoC exploits CVE-2017-8225, an information disclosure vulnerability in GoAhead-based Wireless IP Camera (P2P) WIFICAM devices. It retrieves credentials by accessing the /system.ini endpoint with empty login parameters, parsing binary data for usernames and passwords.

Classification
Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: GoAhead-based Wireless IP Camera (P2P) WIFICAM devices
No auth needed
Prerequisites: Network access to the vulnerable device · Exposed /system.ini endpoint
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by kienquoc102 · infoleak
https://github.com/kienquoc102/CVE-2017-8225

This repository contains a Python-based exploit for CVE-2017-8225, targeting vulnerable cameras with a GoAhead web server. It includes a scanner to identify vulnerable targets via Shodan and a brute-forcer to extract credentials from vulnerable devices.

Classification
Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: GoAhead web server (5ccc069c403ebaf9f0171e9517f40e41)
No auth needed
Prerequisites: Shodan API key · Python 3 · requests library · colorama library
devstral-2 · analyzed Feb 16, 2026

vulncheck_xdb WORKING POC
remote
https://github.com/threat9/routersploit

This repository contains the RouterSploit framework, an exploitation toolkit for embedded devices, including exploits, scanners, and credential testing modules. The framework is designed to test and exploit vulnerabilities in routers and other embedded systems.

Classification
Working PoC 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Embedded devices (routers, cameras, etc.)
No auth needed
Prerequisites: Python 3.6+ · Dependencies listed in requirements.txt
devstral-2 · analyzed Feb 25, 2026

References (2)

Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Mar/23

Scores

CVSS v3 9.8
EPSS 0.1787
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2017-10-19
InTheWild.io 2017-10-25
CWE CWE-522
Status published
Products (1)
wificam/wireless_ip_camera_\(p2p\)_firmware
Published Apr 25, 2017
Tracked Since Feb 18, 2026