7 Vulnerabilities in 400 Axis Camera Models Unearthed (CVE-2018-10658)

IP Cameras image

Several critical vulnerabilities have been uncovered in some 400 Axis camera models. The flaws could allow hackers to take full control over the affected camera or entangle them in botnets. VDOO researchers unearthed the vulnerabilities that could be compromised via the IP address of the camera. As a result hackers could spy on any audio or video records.

More about the Vulnerabilities in Axis Cameras

The exact number of vulnerabilities is seven: CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663, and CVE-2018-10664. According to the researchers, some of the vulnerabilities could be chained together in a single attack:

Chaining three of the reported vulnerabilities together allows an unauthenticated remote attacker that has access to the camera login page through the network (without any previous access to the camera or credentials to the camera) to fully control the affected camera.

Furthermore, an attacker who obtained root control over the vulnerable cameras could also influence the way the cameras work by accessing and freezing their video stream. They could also listen to audio, control the camera’s movement, and include the camera in a botnet. The camera’s software could also be tampered with. The camera could also be deployed as an entry point for DDoS attacks.

In a conversation with ZDNet, VDOO CTO Asaf Karas said that root-access flaws are so threatening because the attacker “could practically use any feature of the camera and beyond”. “With the right resources, if someone knows of such vulnerabilities for a long time before they are patched — he or she could definitely violate individual’s privacy and organization’s security in a significant manner; and also could attack other targets using many of the affected cameras,” he added.

Fortunately, the researchers have reported that the several (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/cve-2018-10658-axis-camera-models/