Claimed Security Vulnerability in Axis, Aimetis and Milestone VMSes
Author: John Honovich, Published on Nov 09, 2015Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.
Related Reports on VMS
Genetec Mission Control Tested
on Jul 13, 2017
Genetec continues to move up market with their Mission Control, "Decision Support System", bringing PSIM-like procedures and incident management to...
OnSSI Gets $16 Million Funding
on Jul 11, 2017
OnSSI has had a rollercoaster past few years. Between acquiring VMS company Seetec, breaking up with former OEM partner Milestone and a rocky...
ONVIF Widely Used Toolkit gSOAP Vulnerability Discovered
on Jul 10, 2017
A vulnerability has been discovered in a toolkit that video surveillance manufacturers widely use for implementing ONVIF.
In this report, we...
H.265 / HEVC Codec Tutorial 2017
on Jun 30, 2017
For years, video surveillance professionals have talked about the potential for H.265.
Now, in 2017, H.265 is starting to gain mainstream...
Hikvision H.265+ Tested
on Jun 27, 2017
Hikvision, which in the past few years released H.264+ (see test results) has now released H.265+, that claims even greater bandwidth savings.
We...
Milestone / Canon Launch Cloud Startup Arcus Global
on Jun 27, 2017
Milestone has spun off a business, Arcus Global, funded by their parent company Canon. The new company aims to transform the VSaaS market with an...
VMS UI - Light vs Dark Preferences
on Jun 16, 2017
Several VMS manufacturers have the ability to choose a user interface with either a light or dark color theme. 150+ integrators told us which they...
Axis 20MP Q1659 Camera Tested
on Jun 13, 2017
Axis has joined the super high resolution camera trend with their Q1659, a 20MP model equipped with Canon's APS-C sensor.
We tested the Q1659...
Milestone New "+" Claims To "Conquer The Mid-Market"
on Jun 07, 2017
Milestone has declared they are going to "Conquer The Mid-Market" with new "+" releases.
Will they?
In this report, we examine Milestone's "+"...
Manufacturer Revenue Directory
on Jun 05, 2017
This report contains data on the revenue of 32 security manufacturers, trend analysis of whether they are gaining or losing ground and commentary...
Most Recent Industry Reports
Competing Against ADT
on Jul 20, 2017
ADT is one of the biggest players in the security industry, with ~$4 billion revenue. In 2017, they were acquired / merged with Protection...
Hikvision Launching Deep Learning Recorders
on Jul 20, 2017
Hikvision has become a common choice for super low cost NVRs.
Now, Hikvision is aiming to move up market, with deep learning NVRs that claim far...
PR Campaign Exploiting Manufacturer Cybersecurity
on Jul 20, 2017
Manufacturers increasingly have a bulls-eye on their back.
As cyber security solutions providers grow, they realize a great way to get publicity...
Axis Door Station Tested (A8105-E)
on Jul 19, 2017
Axis continues their push into niche markets, especially audio, with network speakers, an IP horn, and video door stations.
We bought and tested...
Manufacturer Favorability Guide
on Jul 19, 2017
This 120 page PDF guide may be downloaded inside by all IPVM members.
It covers our 20 manufacturer favorability rankings and 20 manufacturer...
$8 Billion Utility Georgia Power Enters Surveillance Business Offering Avigilon And Genetec
on Jul 19, 2017
Utilities are typically considered major customers of surveillance integrators but one utility, Georgia Power, with $8+ billion in annual revenue...
Knightscope Laughs off Robot Drowning
on Jul 18, 2017
A day after a Knightscope robot drowned, Knightscope has issued an 'official statement' making fun of the issue:
The implied message is that...
Microsoft Video AI Cloud Services Examined
on Jul 18, 2017
Microsoft has released one of the most amazing video analytics marketing videos ever. In it, they detect oil spills, track individual people giving...
Hikvision USA Head of Cybersecurity Exits
on Jul 18, 2017
Hikvision USA's Head of Cybersecurity has exited the company.
In this note, we review the move, share Hikvision's feedback and examine the...
'Suicidal' Knightscope Robot Drowns
on Jul 17, 2017
Knightscope continues its hyper growth, at least when it comes to controversy, this time with a 'suicidal' robot in Washington DC.
And here is...
The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.
Comments (18)
Undisclosed Integrator #1
***** **** ** ******, *** *******'* ** ********* ** ** such * *** *** ****'* ***** * *** **** *** internet, * **** ********** ** **** *** ******** ***.
Create New Topic
Undisclosed Manufacturer #3
**** ******* ***** *** ** ******* ****** **************, ** ******* to ******** ******/***** ** **** ** *********. * ***** *** trick, ** **** *** *** ***** ** **** * ******* to ******* *** ** ****** **************, *** ** **** *** connectin ********* - ** ** ******'* **** **** **** ** basic **************.
***** ***.** *** ** ********* *** ******* * *********** *** the ****** ** ***** ** ** ** *** ******* *** then *** ** ***** **. **** ***** **** ****** * 3rd ***** ***'* ******** **** *** ************...
Create New Topic
Justin Schorn
*’* *** ******* ******* *** ******* ******** ***.
***** *** ******** ************* ********* ** ********* * ******* ***** and ******** ****** ** *** *** ** ***** *** *** and ******* *** *********, *******’ ****** ****** **** (**-**), ******** last ****, ********* **** *****. ******* **-** *** *** ************ Release ***** *** ********* **** ************** *** ** *** ************ *** *********. **** **** ****** prevents ********* ******* ********* ***** ** *********** *** **** ************** downgrade.
******* ***** *** ********* ******** ****** ********* *** ***** **** these ******* ** * ********* *** *********** ******. ** ******** to ********* **** ******** *****, ******* ************** ************ *** ******* **** ******* ************ *** ***** ********** ***** with ********* ******* *******. ** **** *********** ****** *** ******* certified ************ *** ********* ******** ***** *** ******** ******** ********** of *** ****** *** **** *** **.
Create New Topic
Undisclosed #2
**** ** * **** *********** *** ***** ********* *.* ** shine **** *********!
*** ****** ** ******** *****?
Create New Topic
John Honovich
******* ******** * ********* **** ******** ******* ** **** *****:
**** ******* ******** *** ** ********** ***** ************** *** *** HTTP *** **** ********* ** ******* ******* ********** ******** (***) spoofing ******* ******* *** ******** *** * ******.
**** ******* ******** *** ** ********** ***** ************** **** ** HTTPS ********** **** ** ***** **** *** * ******.
Create New Topic
Ryan Twitchell
**** ** **** ********* ** ***** ***** ** *******:*****://***.**********.***/****/***-**-***-******-***-***-********-*********-******
* ******** **** **** *** *****'* ******** *** ***** ************** as * *** ** ******* **** *** *****.
**;**: ** *** **** ** ********* ********** (********* *****) ** otherwise *** ******* ************ ** **** **** *******, ***** ************** can ** * **** *****. ** *** *** ***** **** HTTP *** *** ******* **** ******* ******* *********, **** ****** authentication***** *** *** ** **.
**** ** ** *** ** **** ****** ******** ** ********* (and ***** ** ****** ** ********* * ****** **** ******) and *** *** ** ********** ** *** ********:
****** ************** *** * ***** *******. *** ** *** ****** authentication *****, ** ********* ******** *** ****** ** ***** **** password ** **** ** ***** ** ************ ***. ***** **************, however, ****** *** ****** ** **** **** * **** (* "fingerprint") ** *** ********. ******* **** *** **** ***** ** more ********* *** ****** ********* *** ****** (** ******) ** discover **** ********. *** ******* **** ***** *** ***** ******** (like *** **** ****** **** ** ****) **** **** **** available ** ****** *** ***** ****** ** *** ******. ***** passwords *** ****** * ***, **** **** ** ****** *** have * ****** ******.
***, ***** **** ***** **** ******** **** *** ****. *** kind ** ********** *** ******* ********* ***********, *** ************ **** HTTPS *** *** *** ******** ** ******* **** *********** **** used ********, *** **** **** ** ** **** **** ***** vulnerabilities.
* ****** **** ** ****** ********** ********* ** ******* **** right *** (** *** ********), *** ****** ********** ****** ** able ** ******* **** **** * ****** ********.
Create New Topic
Ryan Twitchell
* *** ******* ***** ** **** *** ********, *** * quick **** ** *** *** ***** **** *** *** ******* for **** *****. ** **** ** ******* ********** *** *** to ***** ******* ****** ************** **** ** ***** ********* **** basic ************** ** *** ****** ** ** *******.
* ***** *** ***** **** ***** *******, ****** ** ******* that ****** **** ******* ************ ** *** *** *********. * do *** ******* ******* * ******** ***** ** *** *** digest ** ********** **** ** ****** *****, *** ** ******** in ********* ******* ******* *** ************. *** ********* ** **** digest **************, * ****** ***** ***** ********* **** *** **** algorithm (**** ** ******) *** ** **** ** *** ***** auth.
Create New Topic
John Honovich
****: ********* ******** **** *** ***** ** **** *****, ** are ******** * ********. *** ***** **** **** ***** ******* sooner ** **** ********.
Create New Topic