Geovision Inc. IP Camera & Video Server Remote Command Execution PoC
Have a nice day
/bashis
You may want to read the 'readme' too, if you have these deployed...
https://github.com/mcw0/PoC/blob/master/README.md
Question, when you first contact a vendor are you somewhat vague about the specific vulnerability until they respond the first time?
Asking because of the timeline here.
*Yes, it’s me*
Depends: if it's a known contact I'll share full details initially; if it's an unknown contact I'm a bit more restrictive with full details initially.
Hey Bashis,
In your opinion, which manufacturer would you consider the most secure? Just wondering what your thoughts on the environment are.
Difficult question. Spontaneously, I would say those who offer easy download of firmware (anonymous and non-cloud), have non-encrypted firmware, are not based on or carrying traces from HiSilicon, use open source that is continuously audited by the community, with updated open source trees such as the Yocto Project, and do not build their stuff in one or more big blobs.
Can you name one or more manufacturers?
Sorry #U2, but that's the reality of what I've seen so far. I could name one manufacturer that's not so bad overall, and also the only one I've seen who is actually using the Yocto Project for some models, which makes me rate them pretty OK, but I prefer not to shout any name in this post.