Subscriber Discussion

Geovision Inc. Multiple Vulnerabilities (+15)

bashis mcw
Feb 01, 2018

You may want to read the 'readme' too, if you have these deployed...

https://github.com/mcw0/PoC/blob/master/README.md

 

Undisclosed #1
Feb 01, 2018
IPVMU Certified

Question: when you first contact a vendor, are you somewhat vague about the specific vulnerability until they respond the first time?

Asking because of the timeline here.

*Yes, it’s me*

bashis mcw
Feb 02, 2018

Depends. If it's a known contact, I'll share full details initially; if it's an unknown contact, I'm a bit more restrictive with full details initially.

 

Undisclosed Integrator #2
Feb 02, 2018

Hey Bashis,

In your opinion, which manufacturer would you consider the most secure? Just wondering what your thoughts on the environment are.

 

 

bashis mcw
Feb 02, 2018

Difficult questions. Spontaneously, I would say those who offer easy download of firmware (anonymous and non-cloud), have non-encrypted firmware, are not based on or carrying traces from HiSilicon, use open source that is continuously audited by the community with updated open source trees such as the Yocto Project, and do not build their stuff in one or more big blobs.

Can you name one or more manufacturers?

 

(1)
Undisclosed Integrator #2
Feb 03, 2018

=_=...

Can't decide whether I should be laughing, or crying. 

(1)
bashis mcw
Feb 03, 2018

Sorry #U2, but that's the reality of what I've seen so far. I could name one manufacturer that's not so bad overall, and also the only one I've seen who is actually using the Yocto Project for some models, which makes me rate them pretty OK, but I prefer not to shout any name in this post.

 

(1)