Summer Baby Zoom WiFi
Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong. GTV_Hacker:General_disclaimer
This page will be dedicated to a general overview, descriptions, and information related to the Summer Baby Zoom WiFi Camera.
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the Summer Baby Zoom WiFi Camera at Amazon
The pin-out for UART can be found on the images below.
Hardcoded MFG Credentials
The Summer Baby Zoom WiFi has an administrative username and password that can be used to access the cam and which does not change. This set of credentials is one of 3 sets with the other 2 being specific to the camera itself and matching the password listed on the camera.
The two accounts which use the password listed on the camera are:
- Normal Priviledged Username:
- Admin Username:
Command Execution Through systemGT.cgi
The "systemGT.cgi" script contains a method of executing commands as a root user on the Summer BabyZoom WiFi.
In the image above you can see that the value supplied within the posted "systemGT" variable is combined with an ampersand and executed with the imported "system" function call. This allows us to use the following curl call to execute commands remotely on the device.
curl -u [email protected]!:[email protected]' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=COMMANDHERE"
Fixing "Hard Coded" Credentials
Since the credentials are stored in nvram the process to change them is easy but could lead to some issues with the main binary that runs on the device. However if you wish to proceed the process is simple and can be done leveraging the systemGT script.
To fix follow these instructions:
- On a Linux or OSX machine enter the following command to change the password to your desired password.
curl -u [email protected]!:[email protected]' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=nvram set UserSetSetting.userList.users1.password%3DNEW_PASSWORD_HERE"
- Commit password changes made above.
curl -u [email protected]!:[email protected]' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=nvram commit"