Axis camera vulnerabilities

A place for discussion of topics that are not specific to ZoneMinder. This could include Linux, Video4Linux, CCTV cameras or any other topic.
Post Reply
alabamatoy
Posts: 139
Joined: Sun Jun 05, 2016 2:53 pm

Axis camera vulnerabilities

Post by alabamatoy » Tue Jun 19, 2018 7:51 pm

From the latest SANS Newsbites:

Vulnerabilities in Axis Cameras
(June 18, 2018)

Security flaws in Axis Internet-connected video cameras could be exploited to gain remote control of vulnerable devices and use them to spy on users, take control of the camera, or make it part of a botnet. In all, seven flaws were identified. Axis has updated firmware for the affected devices.

Editor's Notes

[Ullrich]
The authentication bypass vulnerability will likely be exploited soon. Patch. Or better: Do not expose ANY cameras to the Internet.

[Murray]
While more cameras than baby monitors are attached directly to the Internet, few are able to resist malicious traffic from that network. Few are directly managed or maintained. Updated firmware late is not an effective or efficient remedy for poor early design and implementation.

Read more in:
- http://threatpost.com/axis-cameras-ridd ... ol/132888/: Axis Cameras Riddled With Vulnerabilities Enabling "Full Control"
- http://www.bleepingcomputer.com/news/se ... ra-models/: Vendor Patches Seven Vulnerabilities Across 392 Camera Models
- http://www.zdnet.com/article/vulnerabil ... searchers/: Vulnerabilities in these IoT cameras could give attackers full control, warn researchers

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests