Vulnerability ******
*********** ************ ************, *** ******* **** initially ******** *** ****** overflow *************, ***** ** can ** **** ** "switch ***" * ***** feed, ******** ********* ** replace *** **** ****** from *** ****** **** a **** *** ** their ********.

**** ** "************" ** the *****, ****** ** one **** ******* *********, no ********* *** ***** on *** ****** ******* of ******* *** *******, and **** *** ******** live/original *** ********* ***** feeds *** ***** *** video ****** ***** ***** as ****-***** ******, ** does *** **** ** actual ****** ******* ***** the ***** **** ****** out *** ** ******** in * **** ****** fashion.
***** *******
***** ************* ************' **** **** on *** *******, ***** ****** **** did *** *** *** the ************* ***** ***** result ** **** **** a ****** ** ******* (DoS):
*************, *** ****** ******** vulnerability *** *** *********** of ****** **** *********. This ** *** ******* of *** *********. “…..****** a ******* **** ******* to *** ********** *** interface *** **** ********** access ********”.
*******, ** *** *** discovered * **** **** could ******* **** ************* effectively. *** **** ****** impact ** *** ******* is ***.
Details ********
*********** **** ******** ************ would *** ******* ********** ********* details ****** **** *** contained ** *** *****. Leigh-Anne ******** [**** ** longer *********], *** ********* the ******* ** *** Forbes ***** ******:
*** ******* **, **** we **** ***** * proof-of-concept ** ** ****** that ***** ** *********** used ** * *** system ** ** **-******. Due ** *** *********** disclosure **********, ** ****** disclose **** ******* ******* on *** ** *** be ****. ** *** several ************* ** ******* IP-cameras ***************, *** **’** just **** *** ** them.
**** ***** [**** ** longer *********], *** ******** the ******* ************* *** developed *** ******* **** by ******** ** *** Forbes *****, ******* *** following *********** ** *** exploit:
** **** ****** *** like ***** ***** ******** packets ** ****** **** other ******. ** ****** any ***** *************. ** had *** ****** *** for ** ***** ****** runs **** ***** ******.
******* **** ** ***** ** **** gotten ****/***** ****** ** the ****** ** ****** external ********, ***** **** would ** ******** *** such ** *******, *** easily ********* ******* ****** specific *******. ******* ** ****** that *** ****** ******** vulnerability (***** ****** ** sending ********* ******* **** POST ********) *** ** leveraged ** ****/**** ***** processes ** *** ******, and **** **** *********** it ** ******** ** a ***** ******.
Forbes ******* ************
***** *** ** ******** the technical *********** ** *** *******, the ****** ****** ******** to ***** ******* *********** verification, ******** *** ***********, and *** *********** ** the **-**** ********** (***** makes ** ******* ** the ******* ** ***** video *******):
** **** ****, ** looked ** *** ******* provided *** ******* *** script ******* ****, ******* trusting ** *** *********** and *** *********** ******** by **** *** *** US **********.
**** ****** ******* *** clarification ** *** ******* provided, ****** ******** **** more ********* ***** *** we ***** *** ************ of *** ***** ******* of ****** ********* ******* as ** *** **** verified *** ******* (*.*., reviewing ****** ****, ****** another *********** ******** **** to ****** ********'* ***** of *******):
*****, *** *** ******* more ** ** *********** from *** ** *** you ***** **** ** implausible? What's *********** **********? ** you *** **** ** a ****** *** ********** compromise **, ****** ******** is ******** ** *** as *'* *********.
** ********, ** ********* that ***** **** ** indication *** ******* ***** be **** ** "*** root" ** *** ***** of ******** ****** ** a **** ***** ***** an ******** ***** **** arbitrary ******** *** ******* commands ** ****. *** exploit *** ******** ***** software ** *** ****** already ******* ** ****, meaning **** *** ******** called *** *** ******* would *** ** ****, but **** *** *** allow *** **** ****-******* style ******.
Dahua *** ********
** ***** **** ****, ******** Technologies****** ***** ********** ********** and "**** ** ***"*** ****** ******** *************. However, **** ***** ** he *** ********* ***** with ******* ** *** exploit ** **** ****** that ***** *** ******** fixed **** (***** ***** did *** **** **** an ******* *** *********), ***** responded:
* ****'* **** **** Dahua ***** **. * don't ***** **** *** easily *** **, ** many **** **** ** change... **** ****** ** fix *** *** **** nobody **** ******* *** :)
More ********* ******* *****
***** ** *** ****** video, ** ******* ** given ** ******* ***** used *** * ******, a **** **** ****** scenario, ****** **** ***** still **** ** **** than **** ********** * buffer ******** *******, ****** requiring ********** **** ** be ******* ****** **** the ******. ***** ******** this ** ********** ** open ****** ********** ** get **** ****** ** a ***** *****.

***** ********* ** *****, but ************* ******* *** someone *** ****** ***** to ******* * ******. Given **** **** ***** is *** ******* **** and **** ********, ** would *** ** ********* to "****** ***' * video ****** ** **** cases, ****** ********* *** camera ******** ***** ********* be ****** ****, *** achieve *** **** ****** of ******** ** **** video ** *** ***** was ********.
Cyber ******** ****
** ***** ******** *********, and *** ***** ***** by ********** ******** ******* to ********, *****, ** does *** ********** ** sensationalize ******** ***** **** unlikely ********* *** ******* demos **** **** ******* that ********** ***** *** risks. **** *** ***** in ******** ***** ******** vulnerability ******** (*,*,*) **** ** ** possible ** *********** *************** in **** **** ****** illustrate ********* *****.
Comments (2)
Undisclosed #1
Would like to know what bashis mcw’s estimate of how likely it is that given a buffer overflow flaw, that a silver bullet string can be found for it resulting in root access.
Create New Topic