Subscriber Discussion

Vicon Authentication Bypass Vulnerability Published

Undisclosed #1

IPVMU Certified | 07/31/16 08:37pm

From SecurityFocus:

Remote unauthenticated users can add an administrator, operator, or guest accounts to various Vicon network cameras by navigating directly to a specific URL. The URL is missing authentication and gives you direct access to the form that creates new accounts. URL: http://<IP>/system/user_pop.php?method=add&ptz_use=0 . With an account, a user can view the live video and alter camera settings.

AFFECTED PRODUCTS AND VERSIONS
Confirmed in products: V920D, V922D, and V-CELL-HD

Agree
Disagree
Informative: 1
Unhelpful
Funny
Top Comment Votes - Past 3 Months
  • 1. John Honovich - 1043
  • 2. Brian Rhodes - 387
  • 3. Marty Major - 365
  • 4. Michael Miller - 264
  • 5. Brian Karas - 239
  • 6. Andrew Myers - 209
  • 7. Greg Cortina - 169
  • 8. Ryan King - 152
  • 9. Michael Silva - 150
  • 10. Ross Vander Klok - 143
  • 11. Shannon Davis - 128
  • 12. Hans Kahler - 112
  • 13. Ethan Ace - 108
  • 14. Ari Erenthal - 97
  • 15. Rick Caruthers - 92
  • 16. Charles Rollet - 88
  • 17. Lynn Harold - 86
  • 18. Carsen Whiteside - 71
  • 19. Jerome Miller - 70
  • 20. Dwayne Cooney - 70
Manufacturers
Tools

BestMatch

Design Calculator

Online Shows

Camera Finder

F-Stop Calculator

Chat

Integrator Finder

News Spider

Camera Comparison

Quizzes

Pages

About

Contact