Turing Edge+ Cloud Cameras, Critical Security Vulnerability 2023
While cloud IP cameras are commonly marketed as more cyber-secure than traditional on-premise offerings, IPVM discovered a critical-severity vulnerability in Turing's Edge+ cloud cameras that allows cloud communications to be intercepted.
In this report, IPVM analyzes the vulnerability, how it works, what it impacts, CVSS scoring, and more.
Executive *******
***** *** ************* *** * ******** impact, *** ********* **** ** *** to ****** ** *** ******** **** create * ***-**-***-****** ****** (****) ******* the ****** *** *** *****.
*** ********** ************ ** **** ****** grants *** ******** **** ***** ****** to *** ******* *** ******* ********* information **** ** *********, *** ***********, and ************* ***********, *** ** ******* every *** *******.
**** ******** *** ********** ******** *** 1.38.6 *** *****. *** ************* *** patched **** ******* *.**.* **** **** six ***** ***** ** ********* *** vulnerability ** ******. *******, ** *** testing ******** ****+ ************, ****** ***** **** ******** ***** / ***** ******** *******, * *********** limitation ** **** ***** ****** **** and * ****** ******** ** ***** offerings.
Disclosure *******
*** ********** ******* ***** ** ****** 2023 ********* ****'* ******* ******* ********* the *************, ******'* **** *** ********** and ********* *** ************* ****** *** weeks *** ***** ** ***** **** weeks ***** *** ************ ** *** vulnerability.
** ******* ******* ********** **** ************* ** *.* Critical*** **** ***** *** * *** to ******* ********* ****, ***** **** was ******* ** **** ** ******** our ******** ** ******.
** ***** ****** ** *** ********* of ********* **** *** ******* ** the ******** ************* **** ***** *** Turing *********:
***, *** **** ** ******** ** your ****.
CVE-2023-42425 ********
**** ************* ******* ** ******** ** intercept ********* ***** ******* *** ****** sensitive *********** ******* *** ***** *** the ******, ********** ****** ** ******** admin ****** ** *** *******.
*** ****** ***** ******* *** ******'* configuration ***** ** *******, ********* *** username *** ********* ********, ** ***** below.
************, *** ****** ************ ******* *** Turing ***** **** * ******** ** the ***** **** *** ******* *** credentials.
****** ******** * ******** ****** ** early ******* ****. **** ********* **** it *** ** ****** ******** ** intercept ***** ******* ***** *** ***-**-***-****** method.
Manual ******** ****** ********
*******, *** ************* **** *** **** the ****** ***** ************** ** *** perform * ****** ******, ***** ** a ********** ** ****** ** **** cloud ********* ************* ****** *** ********. For ****, *********-**-***** ****** ******** ************* ****+ ******* ******.
**** ********** *** ****** ***** ****** to *** ****** ******** *********** *** keep ******* ** ** ****.
IPVM ********* ******** ****** *.*, *** *.*
***** ****'* ***************** ****** ** *.* (****) **** CVSSv3.1, *** ******** *** ******** ****** ** *.* (Critical).
**** ***** * *********** ** *** description ******** ** ******, ***** ****** the ********** ** *******. ** ****, NVD ***** *** ******** ** *** provided *** ****** ***********:
** ***** ** ****** ***** ****** Edge+ ****** *.*.**.* ****** ****** ******** to ******* ********* **** *** ****** sensitive *********** *** *** ***** ********** components.
** **** ****** *****, * ***-**-***-****** attack *** ******** ** ********* *** encrypted ***** ******* ******* *** ***** and *** ******. *******, **** *********** is *** ******** ** *** ***, so *** ** ******* ** **** requirement.
- Attack ******
- *******, *** ****** *** ** ********* over * *******.
- Attack **********
- ****, *** ******** **** ******** ******* as *** ***-**-***-****** (****)
- Privileges ********
- ****, ********** *** *** ******** ** exploit.
- User ***********
- ****, *** ****+ ****** ** ******* from *** ***** ***** ** *******
- *****
- *********, *** ********* ***** ********** **** Edge+ ****** ***** *******
- **************
- ****, ** ******** *** ******* *** read *** ***/*** ******* ******* *** Edge+ ****** *** *** *****.
- *********
- ****, ** ******** *** ******* *** modify *** ***/*** ******* ******* *** Edge+ ****** *** *** *****.
- ************
- ****, *** ******** *** ***** **** access ** *** ******** ********.
****
*** ****** ************* ******* ****** (****) provides * ***** ** ****** *** quantify *** ******** ** ******** ***************. The **** ***** ******** ** ****, Temporal, *** ************* **********.
***** **** ***** ********* ************* ******* ******.