Genetec Self-Discloses Critical Vulnerability

By: Sean Patton, Published on Jul 31, 2018

In an unprecedented move for the video surveillance industry, Genetec has self-disclosed a critical software vulnerability across Security Center and Stratocast.

In this report we examine:

  • What the vulnerability is
  • What versions it impacts
  • Why they have released limited details
  • Why they disclosed it publicly even though no third party forced them to
  • Genetec's criticism of Chinese manufacturers / Hikvision vs their own critical vulnerability

Critical *************

******* ****** *** ************* *** a **** **.* **** score ** *.* (********). ********* ** *** **** Base ***** **********, * **** *.* score ********* **** ********* network ******, ** ***********, and * *** ********** of ******.

***********, ******* ****:

**** ************* ******* ******** Center ******* ** ******** received **** *** *******. An ******* *** ** achieved **** ****** *** attacker ** *** ************* in ******** ******. *** exploit ***** ***** *** execution ** ********* **** and **** ******* ** the ********* ****** ******* the ******** ****** ****.

*** ************* *** ********** ** Security ****** *.* (******** ~2013) **** ************* ***** have **** ********* *** 5 ***** ****** ** was **********. ******* **** they **** ** ******* of ******* *** **** they ********** ** ******** when * "***** ***** organization ***** ** ******* to ******* *********** *****" reported ** ** ****.

No ************* *******

*******'* ********** **** *** include ********* ******* *** a ***** ** ******* exploiting *** *************. **** is ******** *** *************** discovered *** ******** ** independent ******** *********** (*.*., **** ************* *********).

A **** ****-**********

*********, ** * ******** such ** *******'*, ***** they **** *** *********** tester, *** ************* ***** be ******* *******, **** ** public ****** *** *** tester ***** ** *** barring **** **** ****** comment, ********* ** ******* IPVM *******.

** ** **** *** companies ** ****-******** ** Genetec ***, ** ******* instance ************* ********* * ******* password ***************** ****. *********'* ********** was * **** ***** level ******** *****, **** affecting **, ********* *** Express, *** *** ********* control ** *** ********* system ** *** ******. It **** *** *** require * ******** ******, just ******** *** ******* user ** ******** *** password ** *** *******.

******* ** ** ** rare *** ************* ** self-disclose, ** * ********** ****** ** ********** Responsibility, *********** ********* **** would *** ***** ************* to ****-******** ******** ******.

Notification *****

******* **** ** ***** that ********* *** **** information ** *** ********** ** ***** website.

No ******* *********

******* ********* ** **** why **** *** *** sharing **** *******:

** ****** ** ******** the ************* ******** ** maximize *** ******* **** our ********* ****** ***** of ** *** ***** the *******. ** ** also ** **** **** the ************* ********** **** practices ********* ******* ** the ******** ********.

** ** ********** *** case ** ********, ******** what ** ******** ** that ******** *** * trade-off.  **** **** ******** we ******* ** ****** the ***** ******* ******* disclosing ****** ******* ** that *** ******** *** conduct ***** *** **** assessment *** ***** *** patches ********* ** ***** own **** ********* ***** at *** **** **** avoiding ******* ******* ** providing ****** ******* ** that **** *** ***** exploit **** *** *** disclosed *************.

Patch ** *********

*******'* **** ***** *** Service *******/********** ****** ***** required *** **** ******* of ******** ******, *** recommends ******** *********** ** removing ******* ******* ****** to *** ******. ***** that **** ******* ******* are ******** ** ********** multi-site, *****-******** ************, ******** outside ******* ****** ***** essentially ******* *** ********* of ***** *******. ** such, ******** ******** ********* upgrades.

Criticism ** ******* *************

******* *** **** **** vocal ***** ************* ********, specifically ******* *************, **** notably ** ********* ********* / ************ ********* *** Huawei *******, ****** ******** ***** their ******* ********** ******* and**** ** ******* ***** *********. ******* would ****** ***** ** the **** **** **** disclosed **** **** **** were *** ****** ** do ** ** * sign ** ***** *** trustworthiness.

*******, ***********, ********* *** ****** supporters **** ***** *** Genetec's *** ******** ************* as ***** **** *** manufacturer ** ******* ****** to **** ***************.

Poll / ****

Comments (56)

*********! ****'* *** ** should ** ****!

*********!!

******, ** *** ***** believe **** ** *** way ** ****** ** done, *********** *** **** of *******?

**** *** ** ****** learn, **** **** ******* had **** ********* ******** vulnerability *** ***** **?  Surely **’* *** *** first **** **************** ** ******* ***** a **** ** ***** own ********.

** **** ********** **** found ** **** ** feel*********** * *******’* ********, what’s ** **** * company **** **** ****** 

“** ***** * ******** flaw.  ** ***** **.  See, ** **** ******** seriously.”

******* ******** ***** ** was ********** ** * third-party *********** ******* *******, not ** ****** ********.

****, *** ***'* ****** so **** ** **** in-house ***********, ****** **** same ***** *** ***'* get **** *$, ***** either (** ********).

****'* ****** ** ***** seriously ** **** **** actually ********** **** ***** some ******* ***************, *** their ********* ****** ****** to ****** ** *** not "****" ** "******" update - ***** *** really ********* ****!

****'* ****** ** ***** seriously ** **** **** actually ********** **** ***** some ******* ***************, *** their ********* ****** ****** to ****** ** *** not "****" ** "******" update...

**, **** ** * reasonable *** ******** ********.

******* *****’* ******** ******, assuming **** *** ********* goal ** ** ******* customer ******* ** *** greatest ******* ******, ***** a **** *********** ********** method ** ******?

*** ********,** *** **** **** *** ** ********** determined **** *** ******* has *** **** ** into *** **** ***, perhaps *** ******* ** patch ***** ****** ** made ***** *** ***** of “********* ****** -  MAJOR *** *****” ** opposed ** “******** ****** TO *** ****** **** VULNERABILITY”.

******* *** ****** ** surely * ****** ** those *** ***** **** to *** *** ******* for ***-****.

*** ***** *** ******** fix *** *********** ********, it *** ******* ****** more *** **** **** the **** ****** ** patch **.

**** ******* *************** ***** ******* ****** in ******* *********** *** vulnerability ******.

** *** ***** ****, waiting * ****** ** so ***** *** *** has **** ******** ** announce *** ******** *************, would **** *** ***-***** more **** ** ********* the ******* ****** *** hackers ***** ** ******.

**** *** ********* ** not ******* ***** ** was *** *** ** contain *** ****** *** code ***** **** ** harder ** ******* ********.

********?

*** *********** ******* ** key ******* **** ***: notifications. ** ***** *** users ***** ** *** fragility ** * ******* system. ******* ******* *** updates ********** *** ****** view **** *********** *** ability *** * ******** or ****** ********** ** help ******* ** ****** the ******* ** **** vulnerability. ** *** *** just ***** ***** *** figure ****** ***, **** is *** * ****, black *** ***** *** community ****** ******* *** voids.

******* ***** **** *** help *** *** **** your ***** ****. ****** concept.

****** ******* *********** ** also ** ********, ** you *** ********* *^^**** say *********.

***** ** ** ******** here, **** ****** *** enhance **** ************ **** BS ************* ** *** system.

******* ******* *** ******* underneath *** ****** **** only *********** *** ******* for * ******** ** coding ********** ** **** rectify ** ****** *** outcome ** **** *************.

****’* *** ****** ********** that ***** ******* *** vulnerability **** ** ******* of *** ******* ***** from *** ******** ***** is ********?

 

* ** ******* **** one ***** ** ** months ****** ********** ******** doesn't ******, ** ***** will ***** ** **** and **** ** ********** devices **** *** *** been *******. (**** **** at ************ ** ********* his ********* **** *********)

 

**** * ** ***** matter ** **** ***, is **** ******* ** admit ***** *** **** security ************* ** ***** products *** **** ** their ******** ******** ***** this, *** * ***'* and *** ****** *** either ****** ******* ******* in ********* ******* **** patching.

 

******, * ***'* ****** any ******* **** ******* when **** ********** ***** *** findings, *** ** **** sure ***** **** ** details ** **** ********** when * ******* *** most ******** ***** *** parties.

 

*****, *** ********** *** built ** ******* ***********,****** ******* (******) **** *** you * ****, *** never (******) ****** ****** area ** **** *** vulnerability.

 

** *.**$

* **** *** **** by *******.  * ***** it's **** **** ****'** not ***** ********** *** vulnerability ******.  *** **** low ***** ******* * blueprint ** *** ** exploit *******?  * ***** telling *** ****** **** there ** * *************, a *** *** ****** update ** * **** move.

* ** *** ********* that ******* *** *** disclose ******* ** ** exploit ** ***** ** concept. ***** ****** *** often **** ** *********** as * *** ** prevent *** ******** ******* from ******** *** ***** is "**** ******* ** execute" ** "**** ********* certain ********", *** ******* excuses. ***** ** ******* works ***** ***** ** verify ** ***** ******* are ********, *** ***** for ********** *** ********* complexities ** *** ************ does *** ******* ** tries ** **** *** issue.

** **** **** ******* is ****** ********* *** vulnerability, ******* * *****, and ********** ***** ********/******** are ********. ********* * proof ** ******* ***** only *** ********* ** undue **** ** **** point.

"***************" *** "***************" *** obviously *** ********* ******, let's *** ******* ****.  All ******** *** *** potential *** *************** *** do *** ***** *** organization ** ****** ******** an ********* ****** ** their *******/******** *** ********* will ** *********** *.*. diligent ** *******/****** ***** and ******** **** ***************?  When ****** ***** ********* (if **** ** ********* to *** ** ******** in **** ******** *****) one *** **** **** at **** *********** *** history.

* ***'* *** ******* as **** ** * should, **** ****** **** if ***** ***** ********** is ***** ******* ** Windows * ********? *** anyone ***** ** ******* one ***** ***********?

** ***** ****, ** you *** * ******** NAS *** *** **** or ***** ******* ***********, DSM ***** ** ** patched *** * ************* released ********* ** ********'* website.

*****://***.********.***/**-******/*******/********/*****************

**** ** *** ******** I *** **** ********* with *** ***** ******** on *** ***, ******** Cloud ****, ** ** May **, ****.  * sent * ****** ** this ******* ** *** if ***** *** *** update.  * **** *** you **** **** * hear ****.  

****'* **** * ***** back **** **:

** *** ***** ******** the *** * *******, the ******* ** **** be **** ***** **** year ** ***** ****. We **** **** * years ** ******* ******* with * ******** *** we *** ********* *** windows ******** ******. 

* ** *** ******** of ****** ******* ******* Group ** *******.

***** *** ******** ***** Link ********* **** ** Windows * ********, ***** are ** ***** *************** that ****** *** *********. We ****** ********* ******* the ******** ** **** field ******* ******* ** frequently ** ********. **** is *** ** **** firmware ******** ****** ** bundling ******* ******** ******* with *** ******** ***** Link ********, **** *** be *********, ********* *** managed ******** **** ******** Center.

**** ******* ** *** concerns ****** *** ***-**** vulnerability, ** ******* ** only ****** **** ******** access ** **** ******** Cloud **** ********** *** they *** ******** ** only **** **** ******** interfaces ** ******** **** risk. ** ********* ********** Synergis ***** **** ** a ****** ******* ****** in * ****** **** of **** ********.

** *********, ******* *** vulnerabilities, **** *** *******. Hikvision **** ******, **** are ******* ** ***** to *** **** *** usa. ******* ******* ** more ******** **** ****.

*** ** *** *** see *** ********** ******* how ******* ******* **** compared ** **** ******* Hikvision *** *****? 

** ****.  *** **** to ******** *** ******** is ***** ** *********.  He *** ** ** on **** ** ******* counter ***** ** **** in ***** ** **** business *******.  **'* **** the ******** *** **** everyone ******** *** **** "Haha ****'* ** ****.  Good **' ****."

*** **** * *****. With *******, *** *** paying ********* *** ******* per *************. **** *********, you *** **** ****** a *** *******. *** difference.

* ***** ** ***** be * **** **** for ************* ** **** note *** ********* ******** industry ********* *** ***** their *********** **** ******* unless *** **** **** an ********. **** ** u *****?

* **** *** *** being ***** *** (******* without ******* **) *** are ***** ** *** money.  ** * ****** a ****** *** *** for ** *** ***** and ****'* **** ***** Chinese ***** ****** ****** et **, **** ********* all *** ****, ******** (being **) ***** ***.  If * ****** ** represent *** **** ** class ******** *** ** customers *** ******* ** pay *** **** ***** of quality *** ********* **** we ***** ** **** Genetec *** * ****** manufacturer **** ****** **** energy ** ******** ******* concerns.  **** ******.

** ** ****, * prefer *** ** **** a ****** *** ** dog's ***** ** * think ** *** ***** by ******.

** *** ***, ***** there's * *** ** companies reselling devices *** ********** **** in ***** *********, ** there * *** ** check ***** ***** ***** Rights ** ***** *********?

** *********, ******* *** vulnerabilities, **** *** *******. Hikvision **** ******

**** *** ***** ***** what *** **** ***** for * ******. ******* proactively ***** * ***-**** firm, ********** * *************, patched **, *** ************ this *** ****** *** hacks **** *****. **** did *** **** *** fact **** * ************* was **********.

*********, **** ****** *******, has ******** * ****** of *****, **** ****** devices ***** ********* *** affected. ********* *** ********* only ****** *** ************** about ***** *************** *** hacks **** ****** ** do **, ***** ***** IPVM ********. ********* *** not ** *** *** taken ** ******** **** inspires ********** ** ***** in *** *******.

*** ********* **** ** a ****** **** *******. One ******* ***** *********** to ******* * ************* from ******* **** * hack *** **** *******. Another ******* ***** * head-in-the-sand ****** ******** *** gets ******.

******* *********** ***** * pen-test ****, ********** * vulnerability, ******* **, *** communicated **** *** ****** any ***** **** *****. 

** **** ** **** if *** ***** **** place. *** *******, ** Hikvision's *****, *** ***, found **** *****, **** would **** ******* **** it *** ** **** as **** ***** *** not **** ******. *** Genetec ****** ********** ********* who **** **** ******** concerns ** ******* ***** ** be ** *** ** these ******.

**** *****, * ** agree ***** *** ********** in *************. *** **** critical *************** *** ********* found ** ********** ******** products **** **** **** fixed *** *** *********?

** **** ** **** if *** ***** **** place.

**** *****. ****** **** to "****** *** ***** of ******** **** ******** publicly".

 

******* ***** *** **** taken *****.  :/

 

 

* ***** *** ** the **** *********** **, Genetec ********* ** * vulnerability ******** *** ******** *********.  Also, *** **** **** they ****'* **** **, hide ** ***** ** obscure ******* ** ***** no ************** *** *** vulnerability.  * **** *** love *********, *** **** on ****, **** *** have ** ***** **** is *** *** **** should ****** * *************.

** *** ********* ***** at *** *** **** deployed ** ***** ************* - **** ***** **** been ********** ******* ***** with *** ** *** other ****** **** - but **** ******'* **** the ****** ** **** would **? **** ***** require ** ********, **** handed ****** **** **** doesn't **** ************* ** the **** ***.

 

**'* **** ** *** that ******* ***** *** testers. * ****** ** this ** ******** ******** practise ***** *** *** players, ** ** **** is ********* ******? 

 

 

*****, *** **** ** this ** '********' *** quite * ****** ** video ************ ************* *** doing **** ***. ****'* notable ** **** ******* disclosed *********. ** ** mention ** *** ****, often ************* **** ***** vulnerabilities ******* ***** *** never ******** *********.

* ***'* **** *** Genetec's ******* ********* *****, but **** ** **** a *** ** ***** (and ***** **** **** some ***** **** ** v6.0 *** *.*) ** costs ***** ** *******.  So ******* *** ** looking ** **** ** a ****** ****** *** spinning ** ** * "look ** **, ** take *** **** ****" scenario. 

*'* *** * **** fan ** ******* ** they *** * ****** dealer-only ******.  ******* *** HIK *** *****'* *****, at ***** **** ***'* discriminate ******* ******* *** medium ***** *********.  (** - **** ******* *** can't **** *** *** boys ****).  *** *'* be ******* ** *** Genetec *** * ******** more **** **** **** admit **, *** ***** 1% ** *** ****** uses ***** ******** ****** cares. 

******** ******* *********.

*****,

***** ******* ** ******** Center *** **** ******* with * ********** ******, which ** ********* *** free *** ******** ******* a ******** ******, **** if *** ****** ** no ****** ******* ** a ******* ********* **** (software *********** *********).

** *****,

******** ** * *** and * ******* *******, the '****** ****** **** system' (******* *******) ***** us ******* ******* *** investing ** *** ******** and ************* ******** **** dealing **** ********** *******.

*******'* ******* ** *** partner **** ******* *** product, ******** *** ** as ******** *** **** at * ******* *** more *********** * ***** point.

** ** *** ********* ******* about ******* *** ********** Genetec ********, *** ***'* think *** ***** ***** and ******* ** ******* would *******? ** ******. I'd ****** ***** *** race-to-the-bottom ******* ****** ********** out ** *** ********.

$ *****, ******* **** after ***** ********. ** have **** ********* ****** our *** ** *******. How **** ***** ************* do *** **** **** do ****. * ***'* recall ********* **** ******* us *** ****** '**'** got * ***** ******* for *** ****, ****'* the ****** ** *** client ***...'

** ****** ** ******* bugs *** ***************, **'* all **** ******** ***** all. **'* *** **** respond ** ***** ****** that ******. *****'* ** charge *** ********** *****. If *** **** *** SMA *******, ***** ** reasonably ****** *** *** free ******** *** *** the ********. **** ** exactly *** **** ** Exacq.

** *** ***, ** you **** ** ******* the ********** ******** **** Exacq, ***'** **** ** join ***** '*** **** club' ***.

*** ******** **** * ****** dealer **** ****** **** Genetic ** ** ******** quality ** ************* ** complete ********. 

****** **** ******** (********, Genetec, ******* ******) *** there ** ****** *** number of ******* ** ****-****'* tenders *** ******** ****** margins ** *******.  ******.

** ********, ******* *** were truly ********* **** ******* of ******** **** **** would ****** ******* ********* and ********* ******** ** become * ******.  *******, they ****** ** **** out ****** ***** ********* to *** *** **** the *** **** *** while *** ******* **** (** theory) ******.

******* ** *** ******* for ***** ****** **** a *** ***.  ****'** a ****** ******-**** ******* that **** ***** *** top *% ** ********** customers *** *** ******** through *********.  **'* **** saying your ******* ***** **** any *******.  ** **** ******* ***** creates ***** *********** ****, or *** **** **** Windows **** **% ** the ******* ****** *** ** the ****** ******.

 

** *** *** ** those ****** ***** *********, who ******* **** ******** with *** "*** *** boys".

** ** *** ******. We **** * **** high *** *** *** quality ** *** ******** system *************, ***** ** why ******* *** ****** you ********* **** ** on ***** ***** **** as ******* *** ***** top ***** ******* *********.

*******, *** *** ****** you ********* ** ******** in ***** ******* **** of *********** *** ********* pretty **** *** *** nationals, ***** ** ******, but **** **** ****** have ** ***** ****** of ******* "******" ***** businesses *** **** ******** in ***** ******** *** make ** ****** ****** to ******* ***** ******** and ******* ***** ******* using *** ******* ********* of *** ********.

******* *******. ********* **** dealers *** ********* **** products *** ************ **** products ******** **** *******.

** ********, ******* *** were ***** ********* **** quality ** ******** **** they ***** ****** ******* extensive *** ********* ******** to ****** * ******.  

 

******* **** ******* ********* *** expensive ******** ** ****** a ******.

******** **** *** ****** for ********.

****** * ****** ******* that **** *********** ****** ****** to * ****** *** important.  * **** **** more ******** ********* **** more ***** ***** **** ********** * quality ******** ** *********.   

****** **** ******** (********, Genetec, ******* ******) *** there ** ****** *** number ** ******* ** hard-spec'd ******* *** ******** profit ******* ** *******. Period.

**** * ****** ** Avigilon ****** * *** 2 ****** ** *****.  Now * **** ** people *** ******* *******.   I **** **** **** other ***** *-* *** shops **** *** **** successful selling ********. 

**********, ***** *** *******.

* ***'* **** *** Genetec's ******* ********* *****, but **** ** **** a *** ** ***** (and ***** **** **** some ***** **** ** v6.0 *** *.*) ** costs ***** ** *******. So ******* *** ** looking ** **** ** a ****** ****** *** spinning ** ** * "look ** **, ** take *** **** ****" scenario.

*'* *** * **** fan ** ******* ** they *** * ****** dealer-only ******. ******* *** HIK *** *****'* *****, at ***** **** ***'* discriminate ******* ******* *** medium ***** *********. (** - **** ******* *** can't **** *** *** boys ****). *** *'* be ******* ** *** Genetec *** * ******** more **** **** **** admit **, *** ***** 1% ** *** ****** uses ***** ******** ****** cares.

******** ******* *********.

*****,

**** ******* ** ******** Center *** **** ******* with * ********** ******, which ** ********* *** free *** ******** ******* a ******** ******, **** if *** ****** ** no ****** ******* ** a ******* ********* **** (software *********** *********).

*****, * ** *** Northeast ******** ** ***** for ******* *** * am *** ******** ** post ** **** *** I ***** * *** get **** **** **** one. **** ******* ** completely ******, ** **** tons ** ******* ** medium ***** ********* ** partners, ******** **** **** we **** ****** ****. We **** ******** ********* in *** *****/************ *** On-prem ********* ** *** any **** ********** ** end-user *** **** ** a ****** ************* ** our ********. ****** ***** out ** ****** ** your ***** *** *** we ***** ** **** than ***** ** ******* a *********** **** *******. We ***** ***** ************ and ** *** ***** on *****!

*** *****,

*** *** ** ******* in ** ****** ** become *** ** **** Genetec?  **'** *** **** tenders ***** ******* ***** have ***** ** * lot ** ******* ****** with ******* *** *****.  Is ***** ** *** here?  ***** ***?

 

******

****** ** *******. ** software, ** *****, ** flawless. ***** **** *****'* an ***** **** ****** than ******** ** ** a ****** *** ****** it.

** * "**********" ** Genetec, *'** *** **** this ** ********** *** correct ********.  *************** *** to ** ********, ** what *** ****** ********* might *** ** ********.  A ********* (*** ******) methodology ** ********** ***** types ** ****** **** always ******* * ****** level ** ********** **** your ******** ****.

* ****** ****** ** be ***** ** * vulnerability *** *** ** address **. ** *** manufacturer ******* ********* ** and **** ******** *** fix ** *** **** release, **** ***** **** the **** *** ***-***** to **** ** ****** they **** *** ********(***** they ***'* **** ** will *** * ***** vulnerability) and ****** **** ** an ******. ** ***** in *** ******** ******** the *** ** **** provided *** ******* **** expired *** *** ******* ***** Genetec ** *** ****** ** monetize the *****. ** ***** cases, *** ***** *** in *** **** ******* will *** ******* *** issue ******.  

**** ***** **** ******* Hikvision, *** ****** **** and ***. 

******** ******'* **** ******** if ********* *** ******* any *** ** ***** numerous ****** ********* *************** in ** *************** * manner.

***** *****. **** ** like ******* * ****** code ****** *** ********** authorities ** ******* *** source **** **** ** their ********? **** ****’* receive **** *******, *** it. 

********, ***** ***’* **** Hikvision ***** ** ** endear **** ******* ****** here. **** *** **** man ******* ** ****** what. 

**** ****’* ******* **** acclaim, *** **.

**, ** ****'* ******* it *** * ******** PR ****, *** ** authentic *******. ***, ** Hikvision *** **** ******* and ************ ***** ***** numerous *************** **** ******** wouldn't **** ****** ** dangle *** *** ******** "source **** ******" ** try *** ****** ********* and *********.

 

******* *** - ***'** be ******* "**-*********" *** have *** ***** ** Trump ******* **** *** by *** **** ********.

 

 * ***** **** **** admission ***** **** **** truly ** **** ***** their ********** *** **** to ****** *** ********** of ***** ********* **** privacy. ****** **** ******* that *********, ******, ********* and ******** **** ***** vulnerabilities ** **** **** can *** **** *****. 

***** *** * **** that ********** ****'* **** a *******  - ** enhanced *** ***** ** the ****. ******* ** lambasting *******, ** ****** be ********** **** ** their ************ - * don't **** **** *** product. 

**** *** ** *** Genetec.

 

 

** ***** *** **** to *** **** **** Score ********** ***'* *******. Is ** **** **?

******, *** **** ******** (*****://***.*****.***/****/**********/*.*) **** **** *** me.

******* ****-********* ******* *************, related ** * ********* blank ******** **** ** a ******* ***** *******:***** ******* *************. ** ** ****** a **** **.* **** score ** *.* (****) because **** *** ** used ** **** ************ access ** *** ******'* live ** ****** *****.

***** **** ****** *************, Genetec **** ****:

*** ************* *** ***** in ** ***** ******* of ******** ****** *.* prior ** *** ******* by *** ********** ** hired.  Since *** ******* **** used *** *** ***** Gateway ** *** **** default **** ******* ** Security ****** **** ************ (aka *** ***** ****) it *** ******** **** the ********* ******** ****** in *** ********* ********* upon ***** ********** ** *** Config **** ***** **** change *** ******** ** the ***** *******. **** assumption *** ***** *** is *** **** ***** of *** *****.

*** ***** ******* ** not * **** ******* by ******* ** ******** Center. * **** ******** creating ***** ******* **** and ********* *** ***** detailed ** *** ************* Guide ******’* **** *** any ***** (** *** however ******** *** ********* guide **** ** ** sure). *** **** ******* arises **** * **** creates * *** ****** role, ** **** ************* also ******* * ***** Gateway **** **** *** user *** *** ** aware **** */** *******. We ***’* ****** ***** to ** ***** ** this, *** **** ** reason *** ** ******** was *********.

*********, *** ***** **** scenario *** ******* ** the ************ *** ** is *** **** ** exploit: *** ****** ***** has ** ******** *** unique *********** ****** (****** Guid) *** **** ****** they ***** ** ****** via *** **** *********.

*** ******* **** ** a ***** ** *********** numbers **** ***** ******** the *** ******* ** the ****** (** **** example ** **** ******'* GUID):

*** ************* *** ***** in ** ***** ******* of ******** ****** *.******** *** ******* ** the ********** ** *****.

******* **’* *******?  *** it ******** ******?

** ***** ********, *** was ****** **********?

*** ************* ** *** present ** *** ******** in *.*, ** *** found ****** *.* ***-******* during *********** *** ** present ** *.* *** 5.7 (** ** ***) if ***** *** *** Client ******. ******* *******/**/*********** missed *** ************* *** 2+ *****.

**** ** *** ****** of ******** ********:

...** ** *** **** to *******: *** ****** still *** ** ******** the ****** *********** ****** (called ****) *** **** camera **** ***** ** access...

**** *** ********, *** easy.  **** *** ***, easy.

 

"**** *** ********, *** easy. **** *** ***, easy."

** *** **** * hacker ** **** *** you **** ****** ****** no?

 

*** **** **** **** told ** ********** ** advising *** ********* *** vulnerability ******* * ***** like ** **** *** thing. *** *** ***** for ****? ****** **** creating *** **** ************* initiates *** ******** ** the ***** ******* **** (RDP **** *****, ***). 

******!  ***'** *****!
