Claimed Security Vulnerability in Axis, Aimetis and Milestone VMSes
Author: John Honovich, Published on Nov 09, 2015Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.
Related Reports on VMS
Verkada, Silicon Valley VSaaS Startup, Targets Enterprise
on Oct 19, 2017
Verkada says they are building an enterprise-class VSaaS offering, calling it "The new platform for video security". This is a departure from the...
Axis 'Sold Out' P3707-PVE Multi-Imager Tested
on Oct 18, 2017
Axis faced significant product shortages over the summer.
Perhaps the most notorious and significantly sold out model was the Axis P3707-PE 8MP...
Top Problems Searching Surveillance Video (Statistics)
on Oct 13, 2017
When crimes, accidents or incidents happen, the video surveillance system is a key component in finding out and proving what actually...
Exacq M Series Low Cost NVR Tested
on Oct 12, 2017
With recent cyber security issues hitting NVRs and cameras from low cost leaders Dahua and Hikvision, users are increasingly seeking alternatives...
Hanwha 20MP Multi-Imager Tested (PNM-9081VQ)
on Oct 09, 2017
Hanwhwa has introduced the latest in their multi-imager camera line, the PNM-9081VQ, a Wisenet 5 20MP model with four repositionable 5MP camera...
Exporting Video Surveillance Tutorial
on Oct 05, 2017
Exporting video surveillance is important when incidents or crimes occur.
However, there are multiple ways to export video which have their pros...
ASIS Show 2017 Final Report
on Sep 27, 2017
ASIS is in Dallas for 2017 and this is our final show report (compare to our 2016 ASIS show report).
When walking in, one is greeted with Dahua's...
Hanwha Launches Wave VMS
on Sep 27, 2017
Hanwha Techwin has been teasing the launch of a new VMS:
But what is it? Did they develop their own or? And how will this impact their...
Avigilon 'Blue' Cloud Entry Examined
on Sep 19, 2017
Avigilon is moving to the cloud. The company announced their Avigilon Blue platform, designed to be a web-managed surveillance system, utilizing...
Genetec Launches Community Connect Examined
on Sep 14, 2017
Genetec has done best in large-scale, enterprise systems and relatively worse in smaller systems such as SMB.
Now, Genetec is launching...
Most Recent Industry Reports
Anixter End User Sales Troubles
on Oct 23, 2017
End user sales have and continue to be a major problem for Anixter's physical security business.
Every year, according to various Anixter people,...
Assa Abloy Acquires August
on Oct 23, 2017
The mega access control manufacturer, Assa Abbloy, has acquired one of the most well funded access control startups, smart lock...
Axis Q3 2017 Financial Results
on Oct 23, 2017
A big issue for Axis this past quarter was their product shortage.
Despite that, new Q3 numbers for Axis show solid financial results.
In this...
Cisco Falling - Favorite Network Switches 2017
on Oct 20, 2017
1 major manufacturer fell and 1 outsider manufacturer gained as integrator favorites for network switches from more than 140 votes / explanations...
Uniview Recorder Backdoor Examined
on Oct 20, 2017
A Chinese research group has identified a vulnerability in Uniview recorders that allows backdoor access in a method similar to the Dahua...
Hikvision Access Control Tested
on Oct 19, 2017
Hikvision aggressive pricing and marketing combined with generally reliable hardware and free software has made them a major player in video...
Verkada, Silicon Valley VSaaS Startup, Targets Enterprise
on Oct 19, 2017
Verkada says they are building an enterprise-class VSaaS offering, calling it "The new platform for video security". This is a departure from the...
Exacq Unbreaks Avigilon Integration
on Oct 18, 2017
For nearly 4 years, Exacq had broken and effectively blocked use with Avigilon cameras, as IPVM reported in January 2014.
Now, Exacq has...
Search More Important Than Live Monitoring - Statistics
on Oct 18, 2017
Search is overall more important than live monitoring to integrators, according to new IPVM statistics.
The key themes found in integrator...
Axis 'Sold Out' P3707-PVE Multi-Imager Tested
on Oct 18, 2017
Axis faced significant product shortages over the summer.
Perhaps the most notorious and significantly sold out model was the Axis P3707-PE 8MP...
The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.
Comments (18)
Undisclosed Integrator #1
***** **** ** ******, *** *******'* ** ********* ** ** such * *** *** ****'* ***** * *** **** *** internet, * **** ********** ** **** *** ******** ***.
Create New Topic
Undisclosed Manufacturer #3
**** ******* ***** *** ** ******* ****** **************, ** ******* to ******** ******/***** ** **** ** *********. * ***** *** trick, ** **** *** *** ***** ** **** * ******* to ******* *** ** ****** **************, *** ** **** *** connectin ********* - ** ** ******'* **** **** **** ** basic **************.
***** ***.** *** ** ********* *** ******* * *********** *** the ****** ** ***** ** ** ** *** ******* *** then *** ** ***** **. **** ***** **** ****** * 3rd ***** ***'* ******** **** *** ************...
Create New Topic
Justin Schorn
*’* *** ******* ******* *** ******* ******** ***.
***** *** ******** ************* ********* ** ********* * ******* ***** and ******** ****** ** *** *** ** ***** *** *** and ******* *** *********, *******’ ****** ****** **** (**-**), ******** last ****, ********* **** *****. ******* **-** *** *** ************ Release ***** *** ********* **** ************** *** ** *** ************ *** *********. **** **** ****** prevents ********* ******* ********* ***** ** *********** *** **** ************** downgrade.
******* ***** *** ********* ******** ****** ********* *** ***** **** these ******* ** * ********* *** *********** ******. ** ******** to ********* **** ******** *****, ******* ************** ************ *** ******* **** ******* ************ *** ***** ********** ***** with ********* ******* *******. ** **** *********** ****** *** ******* certified ************ *** ********* ******** ***** *** ******** ******** ********** of *** ****** *** **** *** **.
Create New Topic
Undisclosed #2
**** ** * **** *********** *** ***** ********* *.* ** shine **** *********!
*** ****** ** ******** *****?
Create New Topic
John Honovich
******* ******** * ********* **** ******** ******* ** **** *****:
**** ******* ******** *** ** ********** ***** ************** *** *** HTTP *** **** ********* ** ******* ******* ********** ******** (***) spoofing ******* ******* *** ******** *** * ******.
**** ******* ******** *** ** ********** ***** ************** **** ** HTTPS ********** **** ** ***** **** *** * ******.
Create New Topic
Ryan Twitchell
**** ** **** ********* ** ***** ***** ** *******:*****://***.**********.***/****/***-**-***-******-***-***-********-*********-******
* ******** **** **** *** *****'* ******** *** ***** ************** as * *** ** ******* **** *** *****.
**;**: ** *** **** ** ********* ********** (********* *****) ** otherwise *** ******* ************ ** **** **** *******, ***** ************** can ** * **** *****. ** *** *** ***** **** HTTP *** *** ******* **** ******* ******* *********, **** ****** authentication***** *** *** ** **.
**** ** ** *** ** **** ****** ******** ** ********* (and ***** ** ****** ** ********* * ****** **** ******) and *** *** ** ********** ** *** ********:
****** ************** *** * ***** *******. *** ** *** ****** authentication *****, ** ********* ******** *** ****** ** ***** **** password ** **** ** ***** ** ************ ***. ***** **************, however, ****** *** ****** ** **** **** * **** (* "fingerprint") ** *** ********. ******* **** *** **** ***** ** more ********* *** ****** ********* *** ****** (** ******) ** discover **** ********. *** ******* **** ***** *** ***** ******** (like *** **** ****** **** ** ****) **** **** **** available ** ****** *** ***** ****** ** *** ******. ***** passwords *** ****** * ***, **** **** ** ****** *** have * ****** ******.
***, ***** **** ***** **** ******** **** *** ****. *** kind ** ********** *** ******* ********* ***********, *** ************ **** HTTPS *** *** *** ******** ** ******* **** *********** **** used ********, *** **** **** ** ** **** **** ***** vulnerabilities.
* ****** **** ** ****** ********** ********* ** ******* **** right *** (** *** ********), *** ****** ********** ****** ** able ** ******* **** **** * ****** ********.
Create New Topic
Ryan Twitchell
* *** ******* ***** ** **** *** ********, *** * quick **** ** *** *** ***** **** *** *** ******* for **** *****. ** **** ** ******* ********** *** *** to ***** ******* ****** ************** **** ** ***** ********* **** basic ************** ** *** ****** ** ** *******.
* ***** *** ***** **** ***** *******, ****** ** ******* that ****** **** ******* ************ ** *** *** *********. * do *** ******* ******* * ******** ***** ** *** *** digest ** ********** **** ** ****** *****, *** ** ******** in ********* ******* ******* *** ************. *** ********* ** **** digest **************, * ****** ***** ***** ********* **** *** **** algorithm (**** ** ******) *** ** **** ** *** ***** auth.
Create New Topic
John Honovich
****: ********* ******** **** *** ***** ** **** *****, ** are ******** * ********. *** ***** **** **** ***** ******* sooner ** **** ********.
Create New Topic