A zero-day vulnerability present in security cameras and surveillance equipment using Nuuo software is thought to impact hundreds of thousands of devices worldwide.
Researchers from cybersecurity firm Tenable disclosed the bug, which has been assigned as CVE-2018-1149.
The vulnerability cannot get much more serious, as it allows attackers to remotely execute code in the software, the researchers said in a security advisory on Monday.
"Dubbed "Peekaboo," the zero-day stack buffer overflow vulnerability, when exploited, allows threat actors to view and tamper with video surveillance recordings and feeds. It is also possible to use the bug to steal data including credentials, IP addresses, port usage, and the make & models of connected surveillance devices.
Such a security vulnerability has wide-reaching, real-world consequences -- as criminals could compromise a surveillance camera feed, replace the footage with a static image, and raid a premises, for example."
A zero-day vulnerability present in security cameras and surveillance equipment using Nuuo software is thought to impact hundreds of thousands of devices worldwid.
Hackers hijack surveillance camera footage with 'Peekaboo' zero-day vulnerability