Axis Three Medium Vulnerabilities Disclosed

By Ethan Ace, Published Oct 06, 2021, 11:03am EDT

Three medium-severity vulnerabilities have been discovered in Axis firmware by a cybersecurity researcher, affecting 300+ models.


Inside this report:

  • A summary of the vulnerabilities and their severity
  • Explanation of privileges required to exploit
  • Devices and firmware versions impacted
  • Feedback from Axis on the vulnerabilities and Nozomi's research
  • How these vulnerabilities and Axis' response compare to Dahua and Hikvision

Three ***************/****** ****** ******

************* ********** **************** ***** ******** *************** in **** ********, *** with**** ****** ** *** "Medium" *****. *** ** ***** vulnerabilities ***** ***** ** attack ** ****** ********* code, *********** ************ *** camera/NVR, ******** ******* ******* other ******* ** *** network, ** ****** ********* it.

***** **** **** ** known ******** ** ***** vulnerabilities *** ** ***** of ******* ** *********.

Axis *********

**** ******** * ******** notice ** ****************** ********** ******* ** **** CVE. **** ******* ********* to ** **** ******'* description ** ***** *************** was ******** *** **** have ******* ******** ****** firmware *** **** ******* (discussed *****).

******’* *********** ** ***** flaws ** ********. ** have ****** ******* ******** with ****** *** ******** them **** ***** ******* analysis ****’* ******* ** the **** ********* ******** that **** ****** *** includes *** **** **-******* devices. *** ********** ** that ***** ***** ***’* pose *** *********** ****, and *** *** **** detailed *********** ***** *** firmware ******* ** **** security ********. ** **** case, ******* *** ******* available.

Requires ************* **********

***** *** ***** ** these *************** *** ***** the ****** ** ** compromised ** ********, ********** any ** ***** *************** requires ************* **********, *.*., a **** **** ** logged **** ** **** device ** ****.

** ** ******** *** attackers ** ******* ***** vulnerabilities ******** ** ********** a **** ** ***** a ******** ***, ****** the **** **** ** actively ****** **** *** web ** ** ** Axis ******.

******* ***** *************** ******* administrator ********** ** ******** an ************* ** *******, they *** **** ******** than ***** ***** ******* no ************** ** *******, e.g.,****** **************** ***************.

All **** ******* ********

******'* ******* ********** ** these *************** *** ********* only ** ****' ***-************ Companion ***, *** **** confirmed ** ***** ********** to ** **** **** are ******* ** *** Axis *******.

***** *************** ****** ******* on *** ****** ******** track (**.*) ** **** as ****-**** ******* ******, which ******** **** ******* that **** **** ************ (**** ********* ******* *** 5 ***** ***** ***).

**** **** **, *** IPVM *********, **** ******* firmware *** **** ******* is ******* ********* *** these ******:

  • **** ** ****** ***** 10.8
  • **** ** **** *** track *.**.*.*
  • **** ** **** *** track *.**.*.*
  • **** ** **** *** track *.**.*.*

******** ** ********* ******' ********* *** ** ********, downloaded, *** ******* ** bulk ********* ****** *******.

Nozomi ******** ********

****** ******** ** * cybersecurity*********** ******** ****, ***** has ********** ***** ************ industry ***************, ********* ************* *** **** *************,***** *** ***************, ********** *** ***************.

****** ********* **** ** "transparent" ********** *** *******,******** ** ***** ****.

*** ****, *********** ****** of *** **** ********* allowed ****** ******** **** to ********** *** ******** and ******** ***** *************** expediently.

Axis ********* ** "***********"/******** ***** ******** ****** **********

** ******** ** *** some ************* ******* ** vulnerability ***********, **** ******* Nozomi *** ******* ***** attention ** ****:

** ***** ****** ******** for ***** ******** *** good ************* ********** *** disclosure *******. **** ************** welcomes *********** ** ******* our ******* *** ******** as ** ** *** belief **** ****-**** *********** cyber ******** ** ******* through ************* *** ************.

**** *** **** ***** to ***** ******* ******** which ******* ***** ***************, including ******** *** **** discontinued *******, **** **** released ** *** **** Nozomi ******** ********* ***** disclosure.

Contrast ** *****/*********

****' ******** ** ****** and *** ***** *** clarity **** ***** **** released ******** ******* ** address ***** ****** ** a ***** ******** ** recent *************** ********* ** Dahua *** ********* *******.

** *** **** *******'* ****** ******** ***************, ***** *** ************ to *** **********, ******, until **** ********* ******** on *** ***************. **** after **********, ** ******* unclear ** *** ******* have **** *******, *** more **********, ***** **** not ****.

******** ****************** *********** ********* ** **** responsive **** ********* ***** recent"******* ***** ** ********" vulnerability. *******, ** *** not *********** ***** ***** users ****** ****** ******* firmware ** ***** ******** were ******* *** ***** regions, ****** ***** ** detail ** *** ************** ****** ********** ********** Hikvision *******.

Comments (25)

***** ******* *****!

Agree: 3
Disagree
Informative
Unhelpful
Funny

**** *****, *** * agree **** **** *** good ** **** ****, they *** ***** **** of **** ** ******** vulnerabilities **** ** ** well.

* ****** **** **** approach "******, **** ******** issues, ** **** ** know *** *** **", and * ***** ****'* one ** *** ****** why **** ***'* *******/**** their ********'* *** **** allow ****** *** **** SSH ****** **** **** shell (*** *** **** crappy "*********" ***** ** many ****** **). ** me, ** ***** ***** confidence ** ***** ********.

**** **** *'** **** on **** ***, ****** do ******* **** *** :)

Agree: 3
Disagree
Informative: 10
Unhelpful
Funny

**** ** **** ***** these ****:

"*** **** ***************! *** have ***************! *** *** have ***************!"

Agree
Disagree
Informative
Unhelpful
Funny: 8

* ** ******* *** someone ** *** "**** had * *************** *** Hikvision **** *** * in *** **** *****, so **** ***** ********* is ***** ***** **** secure **** ****."

***** ***** **** ** understanding ** *** ******** of ***************.

Agree: 10
Disagree
Informative
Unhelpful
Funny: 12

**'* ****** **** ***** the ************ ** ******* practices *** *** ********** of *** ********* ** these ******** **** ****** be *** **** ***** of * ******* ** these ********.

** ******* *** *******, immaculate ****** **** *** dodge *** ****** ** copyright/patent ************ (**** ** many **** *** *** reinvent *** ***** *** output "***** *****" ***********) and *** ******* *** all ***** ** ******* for *** ****. **** if **** ******* ****** open ****** ****, *****'* a ***** ********* *** of ******** *** ***** associated **** ****.

Agree
Disagree
Informative
Unhelpful
Funny

** ******* *** *******, immaculate ****** **** *** dodge *** ****** ** copyright/patent ************ (**** ** many **** *** *** reinvent *** ***** *** output "***** *****" ***********)…

**** *** *** **** talking ***** ****? **** immaculate ****** ***** ********* or?

Agree: 3
Disagree
Informative
Unhelpful
Funny

******* *****'* * *** a **** ****'* ******* copyrighted, ** **** ** you **** ** *** certain **** ****'* ******* against *******, ** ***** already ** *********** ******* you ******* **.

*** ***** **** **** and ****** ** **** original **** ** **** sections, *** ** ***** cases *** **** ** do ** ** ******** different *** ******* ******* already *********** *** **** method ********* ******* *** that ***** ** *********** for *** ** ***. That ****** *** ** reinvent *** ***** *** do ** * ********* way, ******* * **** vulnerable ***, ****** *** want ** *** ********* to *** ****** *** wrote *** ***** ****.

Agree
Disagree: 1
Informative
Unhelpful
Funny

******* *****'* * *** a **** ****'* ******* copyrighted, ** **** ** you **** ** *** certain **** ****'* ******* against *******, ** ***** already ** *********** ******* you ******* **.

*** ***** *** ** in ********** ** ******* else’s *********** **** ******* knowing **?

Agree: 1
Disagree
Informative
Unhelpful
Funny

*****. **** ****** **** like * ****** ******* than * ********* ******* to **. ********* ** more ** *** ***** of **********. ** ***** be **** ** *************** violate * ********* ** writing ****.

**** ** **** **** you *** ******** *** wheel *** ****** "***** World" ***********

** *****'* *** *** to ** **, *****'* one *** ** ** it... *** *******'* *** going ** ***** *****'* plagiarism ** ********* ****** print("Hello *****!") ** ****** class, *** *** ****** worth ***** **** *******'* either.

**** ********* ********** ** the ****** ***** ******** have ** ** **** people **************** ***/****/***/***/***/** ** neglecting ** ******* *********** for **** **** ***** Overflow (***'* ** ******, everybody ****** **** ***** Overflow).

******* *** **** ** the *****. *** ***'* need ** **** ********'* source **** ** **** their ****. *** *** USPTO *** **** **** mistakes ** *** ****. As * ******, ******** tried ** ****** ****** lists ****. *** *** could *** **** **** kind ** ******* ** matter **** *********** *** do.

**** ******* ** ****** coding, ******, * *** of ** ** ******** best *********, ********** ********** by ***-****** ************* **** OWASP. **** ****, ***** is **** ** *** US **********, ********* ***************. If ***'** ********* ***** open-source **********, *** *******'* need ** ***** ***** patents ** ****** **********. There's * *** ** other ****** ********* **** as ****, *** ** you *** **** ** should ** **** ** get ****. (** *** want ** ****** *** accepted ******** *** *** Sylvester's ***** ********** *********™, then *** *** **** to *** * ******* from *********.)

** ******, **** ***** secure ****.

Agree
Disagree
Informative
Unhelpful
Funny

*********** *** **** **** problem *********. *****'* **** software ** ***** **** song *** **********. *** can ********* *** ** writing ********* ******* ** someone ****'* **** ******* ever **** ****** **** or *********** **** **** and ** *** **** you ***** **** ** square *** *** ***** you ** ******* ** just ***** **** *** work ********.

* ***** *** **** about ********* **** *******, but ***** *** ******** issues ***** *********** *** have ******* ** ****.

Agree
Disagree: 1
Informative: 1
Unhelpful
Funny

*** ***** **** **** and ****** ** **** original **** ** **** sections, *** ** ***** cases *** **** ** do ** ** ******** different *** ******* ******* already *********** *** **** method ********* ******* *** that ***** ** *********** for *** ** ***. That ****** *** ** reinvent *** ***** *** do ** * ********* way, ******* * **** vulnerable ***, ****** *** want ** *** ********* to *** ****** *** wrote *** ***** ****.

***** ***, *********** ****** written **** ** *** as * **** ********* or ***********, ** ** a ********* ******, ***** is ** ********** *** someone ** **** **** a *****.

******, ***** **** ***** of ******* ****** **** duplication, ********* ** ********* to ******* ******* ***** and ********* ****** ** copyrighted, **** ****************** ** *** ****, and **** **** ** there *** ***** **** to ***** ******* *** idea *********.

** *****, *’* ****** confident **** **** ********** A ** *********** * begins ** ***** **** algorithm **** ******* ** doesn’t ***** **** * copyright ******.

*** *** ******* *** cases ** ******** ********* violations **** ***’* ******* literal ****** **** ******* or ********* ******* *******?

Agree: 1
Disagree
Informative
Unhelpful
Funny

* *** ******* *** point **** *** ****** code *** ****** ****** software ** ****** **** disclosed *** ****** ** such * *** **** songs *** **.

*******, ***** *** ***** risks *** ********** **** have **** ********* **** varying ********. ** *** point ** ****** **. Oracle ** * ***** example, *** *** *** argue **** *** **** was ******** ******. ************ speaking, * *** **** one ** *** ******** in *** ********* ****.

******** *** *** ***: Copyright ** *** ****** - ********* - **** University - ******

*********, **** ** *** risk ** *******, ** one ***** ** *** taken ** ***** **** all ** **** *** done. *** **** ***** stifles ****** ** **** level ** ***** *** instances ***** *** **** to ******** *** ***** for ** ****** ***** than ** ***** ****** accusations ** ****** ****

Agree
Disagree: 1
Informative
Unhelpful
Funny

*********, **** ** *** risk ** *******, ** one ***** ** *** taken ** ***** **** all ** **** *** done.

*** *** **** *** even ****** ***** ** what ********** *** ***********? As ** *******, ****** I ********* * ** search **** *’* ***** to *********** ********** ** * ****** list?

* *** ***** ** disagree.

Agree: 1
Disagree
Informative
Unhelpful
Funny

** ****** ****** ** that ****** ****** ***** and **** **** ** all **** *********. ***** than ****, * *** even ***** ** *****.

* **** *** ******** of *** ******* ***** patenting **** **** *** AV1 ***** ** * competing ******** ** *.***/****, which *** ***** ** be **** ****** *** royalty-free. *******, ** *** been ********* **** ** such ****** ******. **'* the ******* ********* ** why ** ***'* **** nice ******.

Agree
Disagree: 1
Informative
Unhelpful
Funny

*** ** ********* **** was *** ******* **** for **** ** *** the *************** ****** *********/*****?

** ***** *** **** that ****/**** *** ** this *** *** **** comparable?

Agree
Disagree
Informative
Unhelpful
Funny

***** ** *** ********* ************* ********** ************* *** ***** to *** *** "*****" before **********. *** ***** 9/22, ******* *** **** able ** ********* **** on */**.

Agree
Disagree
Informative
Unhelpful
Funny

***** *** ***** ** these *************** *** ***** the ****** ** ** compromised ** ********, ********** any ** ***** *************** requires ************* **********, *.*., a **** **** ** logged **** ** **** device ** ****.

*** ** ***** *** device **** ***’* ** compromised ** ******* ** logged ** ** ****?

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny: 1

**, * ***** **** you, **'* **** ****** that;

****@***:/****/***# ** - ****

****@***:~#

***** ** ** *************** exploit, ** * *** not *** *** ******** question.

*****, **** ***** *** vulnerabilities, *** ******, * don't ****.

Agree: 1
Disagree
Informative
Unhelpful
Funny

*****, **** ***** *** vulnerabilities, *** ******, * don't ****.

*** ****** ****** - in *** ***** **** it ** ****** ****:

*******, *** **** ******** function ****** ** ****** (as ******** ** *** official ******* *************) **** no **** **** “****” multiplied **** “*****” ****** of ***** *** ****** in *** ******* *********** buffer.

*** ***** ** ** POC *****. ** ** experience, **** ******* *** have * ****** ******** does *** **** ** can ** *********.

***** *** **** ******* something ******* ***=* *** without * ***?

Agree
Disagree
Informative
Unhelpful
Funny

**** (***=*) ** ****, no *******/*** ******** ******.

******, * ******* ** was **** ***** ******** (and *** ***** ***** buffer ********), *** ********** in ************.

[****]

*** ***** ** ** POC *****. ** ** experience, **** ******* *** have * ****** ******** does *** **** ** can ** *********.

****, **** **** *** can **** **** ** stack ***** ********, *** in ******* *** ***'* do ****.

Agree: 1
Disagree
Informative
Unhelpful
Funny

* ************* ** * vulnerability **** ** *** can't *********** ********* **. Just ******* ** ***'* a * ** * CVSS ***** *****'* **** it's *** ***** ****** seriously. ********* ** ***** a ***** ** *************** being **** ** ********** ways ** **** * dangerous *******. ***** ** Axis *** ***** ** diligent! * **** **** a ******* ***** ******* which * **** *** name **** ******** ** seriously...

Agree: 5
Disagree
Informative
Unhelpful
Funny

**** ** **** ****, chaining *************** ** *** most ***** **** *** also **** *********.

Agree: 1
Disagree
Informative
Unhelpful
Funny

* ************* ** * vulnerability **** ** *** can't *********** ********* **. Just ******* ** ***'* a * ** * CVSS ***** *****'* **** it's *** ***** ****** seriously.

* *****, **’* ** value *** **** ** know *** ***** **. If **** *****’* ***** of **, **** ***** use *** **** ** some ***-***** ******** ** which ** ***** ** exploited ** * ******* user. *** **** ** that **** *** ***** need **** ****** *** an ****** *******.

**** ** * *** cry **** *** ****** Dahua *****, ***** **’* just * ****-**** ****-***-***.

* ***** *** *’* objecting ** ** *** Medium *** *******, * feel ** ******** *** truly ********* *************** *** there.

Agree
Disagree
Informative
Unhelpful
Funny

* ***** *** *’* objecting ** ** *** Medium *** *******, * feel ** ******** *** truly ********* *************** *** there.

** ** ****, ***** are *** ****** ***** Medium (**** *** ********), so **'* *** **** far ** *** *****, but * *.* ** just ***** *** **** scale.

*** ********** **** ******* would **** ** **** camera **** ** * browser, ****** ** ** root, *** **** ***** a ******** **** ** exploit **** **** ******* the ******* ** ****** low, *** **'* *** 0, *** *** ********* impact ** **** ****, if ******* ** ****** enough.

*** * ** *****, it's *** * *.*.

Agree
Disagree
Informative
Unhelpful
Funny

…******* ***** **** ** Axis ****** **** ** a *******, ****** ** as ****, *** **** click * ******** **** to ******* **** **** outside *** ******* ** pretty ***

****** ***** **** **** these ******** ** **** case. *** ******** **** could **** ****** *** root ******** *** ****** ssh. ** *** ***** config ***** * ********.

Agree
Disagree
Informative
Unhelpful
Funny