EZVIZ Smart Camera Vulnerabilities

A place for discussion of topics that are not specific to ZoneMinder. This could include Linux, Video4Linux, CCTV cameras or any other topic.
Post Reply
alabamatoy
Posts: 349
Joined: Sun Jun 05, 2016 2:53 pm

EZVIZ Smart Camera Vulnerabilities

Post by alabamatoy »

From SANS Newsbites:
EZVIZ Smart Camera Vulnerabilities
(September 15, 2022)

Researchers from Bitdefender have detected multiple vulnerabilities in EZVIZ smart cameras. Three of the flaws – a stack-based buffer overflow vulnerability, an insecure direct object reference vulnerability, and a strong passwords in a recoverable format vulnerability – can be exploited remotely. A fourth flaw – an improper initialization vulnerability – is locally exploitable. The flaws can be chained to gain remote control of vulnerable cameras and download and decrypt images. The issues affect at least five models of EZVIZ cameras. Patches are available.

Editor's Note

[Neely]
Unlike the old hard-wired analog devices of the past, modern IoT security cameras need to be kept updated. And the frequency of those updates may not be sufficient for all scenarios, which means they should be able to connect only to the services they absolutely need. Use a separate network or SSID, just as your old CCTV system was dedicated to that purpose. Lastly, if your vendor seems disinclined to address security issues, you should be disinclined to continue using their devices.

Read more in:
- www.bitdefender.com: Vulnerabilities Identified in EZVIZ Smart Cams
- www.darkreading.com: Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks
Post Reply