Milestone Entry Level Mobile Password Vulnerability Disclosed

By Brian Karas, Published May 24, 2017, 01:45pm EDT

While many manufacturers have only addressed cybersecurity vulnerabilities after public disclosures were made (or threatened), Milestone has proactively identified and resolved a vulnerability that could allow unauthorized remote access to camera feeds. The company recently notified partners of a potential vulnerability in default installations, including how to close the vulnerability to prevent unauthorized camera viewing.

Additional details of the vulnerability, and mitigation steps, are in this report.

Vulnerability *******

*** ********* ******** ******* a ******* "*****" **** with * ******* ******** that ** ******* ****** installation:

  • ******** ******* *.** ** 2017 **
  • ******** ********* *.** ** 2017 **
  • ******** ** *** ******** (all ************)

**** **** *** ****** the ****** *** ******** such ** **********, *********, Advanced, ***.

*** ******* ******* *** initially ******* ** **** it ****** *** ***** to *** ** *** running, ********* ** *********.

Milestone ************ *****

** *********** **** ***** to ********, ********* **** the ********* ***** ********** the ************* ** ******:

Mobile ****** / ****** ****** ******* ****** 

**** ************* ** ************ applicable ** ***** ***** the ******** ****** *** remote ****** *******, ****** via *********'* ****** ******, or *** *** ******** SmartClient. ** ***** *********, a ****** ****** ***** utilize *** ******* *********** to **** **** ** recorded *****, *********** ******** sensitive ****/******* ** *** location ** ************ *******.

Closing *** *************

********* ********** *** ********** to ***** **** *************:

  • ****** *** ******* ***** user ** ****** ******** to ********* ******
  • ****** ** **** ** release, ***** ******* *** default *******. **** ******* **** be ********* **** *, 2017. 

XProtect ************ / ********** ********* ** ** ********

******* ************* ** ***** versions ** ******** ** not **** **** *****, according ** *********, *** if ***** ******** ** affected ****** ** * higher *******, *** ******* user ***** **** ******** in *****, ******** ***** upgraded ******* ** *** same *************. ** ***** cases, *** ******* ******* should ** ******* ** have *** ******** *******.

Default **** ******* ******

********* ****** **** **** default **** *** "*****" / ******* ******, *** would *** ** **** to ********** *** ***.

Severity ********

*** ************* ** ********** low **** ******** ** other ****** ************ ************* issues, **** ** ***** from ***************, ** *********. * ******* ********** is **** **** ************* is ****** ****** ** deleting *** ******* ****, or ******** *** ********, something ***** **** ********-********* users **** ****** ******* done, ** *** ******* was *** ****** ** secret ** *** ***. Further, **** ******* *** not **** ***** ******, limiting ** ********* ** viewing *****, ****** ** alter ******** ** ****** malicious **** ** *** system.

No ***** ***** ******* *********

***** *** ** ***** known ******* ********* ** Milestone ******** ********* ** Milestone.

Proper ******** ** *********

*********** ********** **** *****, and ******* ************* *** impact *** ******* ** address *** *************, ****** further *************'* ******* ******** ********** among ***********.*** ********** ******* **** disclosure ** ** **** discussion***** ** ****:

**** ***** ** ** inbox ***** ******** ****** ... *** ** ** the ***** ************ **** has **** *** *** been *** ***** ** acknowledge * ********* ******* that **** ****.

Comments (1)

Thank you Milestone!  You just set the bar for everyone else.

Agree: 17
Funny: 1