Header Ads

Dangerous Vulnerability Detected In India's Popular IP-Cameras

IP-Camera Vulnerable
Popular IP-Camera Vulnerable 
The problem is revealed in thousands of cameras manufactured by Dahua around the world and most popular in India.And are broadly used for video surveillance in the banking sector, energy, Education Sectors, telecommunications and other areas.
Positive Technologies has announced that its expert, Ilya Smith, has identified and helped in addressing a critical vulnerability in Dahua's IP camera firmware. They are widely used for video surveillance in the banking sector, energy, telecommunications, transport, smart home systems and other areas. This problem has affected thousands of cameras around the world, produced by Dahua both under its own brand, and made for other customers.
Vulnerability CVE-2017-3223 received a maximum score of 10 on the CVSS Base Score scale. The lack of security is associated with the possibility of Buffer Overflow in the web interface Sonia, designed for remote control and configuration of cameras. An unauthorized user can send a specially crafted POST request to a vulnerable web interface and remotely gain administrator privileges, which means unlimited control over the IP camera.
"From a software point of view, this vulnerability makes it possible to do anything with the camera," said Ilya Smith, senior research specialist at Positive Technologies. - Intercept and modify video traffic, turn on the device in a botnet for DDoS attacks like Mirai and much more. Dahua holds the second place in the world in the field of IP-cameras and DVR, while the vulnerability we discovered is very easy to use, which once again demonstrates the level of security in the field of Internet of Things Devices. "

The vulnerability was detected in IP cameras with the software DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R and earlier versions of the firmware. To resolve the error, you must update the software to the DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 version. More details can be found on the CERT website of the Carnegie Mellon University.
According to the research of Positive Technologies, attackers can potentially gain access to more than 3.5 million IP-cameras around the world. In addition, about 90% of all DVR systems used today for video surveillance by small and medium-sized businesses contain certain vulnerabilities and can be hacked.
This isn't the first case of cooperation between the two companies. In 2013, Positive Technologies specialists helped to identify and eliminate numerous vulnerabilities in Dahua DVR systems.

And, of course, stay on top of the latest consumer and mobile security threats by following us on Twitter, and Like us on Facebook.

Powered by Blogger.