Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits

By IPVM Team, Published Jul 29, 2021, 02:02pm EDT

Cybersecurity vulnerabilities have escalated over the past few years and keeping track of who is impacted by each can be difficult.

IPVM Image

This list, updated for 2021, compiles reported exploits for the security industry by date and by manufacturer, with a brief description of each exploit, the affected product(s) and version(s), and links to further reading for each.

Exploit ********

*** ******** ***** ***** a ******* ** **** vulnerability ***** **** * link ** *** ********* or ***** ***********.

***** ** **** **** timeline **** ******.

Exploits *** ******** *********

*** **** ***** ***** these ******** ** **** company *** ****** *********:

***

****

  • ********* **** - ******** version **.**.**.**.***, *** ******** earlier ********, ******* ******** vulnerabilities ********* ****-***** *****-***** accounts *** ************** ****** exploits. ********** ******* ****** ******.

********

  • **** **** - *** versions ***** ** *.**.*.** and ***** ** *.*.*.** allowed *** ********* ***** to ** ********* ******* specially ******* ****, ****** anyone **** ****** ****** to *** ****** *** ability ** ****** ***** at ****, ******* **************, making **** * ******** vulnerability. ********** ******* *** in ****** ****** *** **** vulnerability.

****

*****

  • ******** **** -*****, ******** ****-******** ***************: *** **.* ******** vulnerabilities ***** **** *.* and *.* ***** ***************. The ***** **.* ************* affects ***** **** *** uses *************** ** ********* data ***** ********* *** use ** ******** ******* code. *** ***** **.* vulnerability ******* ** ***** Video ********* ******* *** is **** ******** *********** due ** *** *** services ******* ************** *** critical *********.
  • ******* **** - *** 630/650/670 ***** **** ******** version *.**, *** ******** older ********, *** ********** to ******** ***** ********* can **** *********-******* **** to *** ****** ** enable ****** ******, ***** provides * **** ******* that **** *** ******* authentication. ** ******* ******** is ******** ** ***** out **** ******. ************* details *** ***** ** concept ******** *** ****** in ********* ******* *****.

*****

*****

Dedicated ******

  • ****** **** - ********* Micros ****, ********* ** least **-** *******, ** Advanced, **, ********, *** DS2, **** **** ** default ***********, *** ******** protocols *******. **** *** allow ********* ** **** over *** ****** ***/** to ***** ******* ******* during *****. ********** ******* in** ******.

****

*********

  • ******* **** - ** firmware ***** **** ******** 2017 *** *** **** root ****** **** ****** a **** ******* ****** CLI ** **** ** a *******. **** ** a ****** **** / paste / ***** ******** IP *******. ***** *** 15 ******** *************** **** range **** ********* * screen **** ** ******** the ****** *********** ** clear ****.**** ******* **** ****.

*******ü**

  • **** **** - *-*** E2 *** *-**** ********* is **** ******* ** their ************* **** ****; an ************** ****** ************* has **** **********. *** existing **** ****** ************ could ***** ********* ** bypass *** ****** ******* that *** ***** ****** code *********. *********** **** **** ****.
  • ******** **** - ** G-Cam/EFD-2250 **** ******** ******* 1.11.0.12 ** ************** ****** vulnerability *** **** **********. The ******** **** ****** architecture ***** ***** ********* to ****** *** ****** control **** *** ***** remote **** *********. ******* in*** **** ********.

******

  • *** **** - ***-****, SRN-1673S, ***-****, *** ***-**** recorders **** * ************* in **** ******** ******** where * **** *** was ********** ****** **** an ******** ****** *** use ****** ****/***** ** gain ****** ** *** same ********* ********** *********, bypassing *** ******** ************** screen. ********** ****** ** the***-**** **************** ************* **************.

***

  • ***** **** - ***** and **** ******* **** firmware ***** ** ***** 2016 *** *********** ** a ******* ********* *******, where ** ******** *** cause *** *********** ** lock ** ****** ***** without **************, ** **** as ******* * ****** of ***** ********* ** the **********. **** ************* was ******** ******* *****'* ****, ********* ******* *** be ***** ****** ****** **********.

*********

*********

  • ******* **** -********* ****** *** & NVR *************- ********* *** **** to ******** ******* **** and *** *** ********* vulnerability ** ******** *** could **** *************** ****** to *** *** **** interface **** ***** ******.

*****

  • ***** **** -***** *************** **** ** DDoS *******- * ***************: ******* injection *************** **** ********, FTP, *** ***, ********* credentials, *** ********* **** reading ************* **** ***** DVRs.

*********

  • ******** **** - ********* camera ******** ***** ** ~November **** *** ******* a ****** ** *************** including ****-***** *********** *** the ******* ** ******* admin ******** *** *************** CGI *****, ****** *** cameras ****** ********** ** attacks.

**********

  • ****** **** - **** and **** ******* *** vulnerable ** ******** ***** of ****** ******** *******. Devices *** **** ** open ***** ** ********, making **** ******* ** default ** **** ********. ~170K ***** ********. **** details ************* ********** ** ********** vulnerability.

*******

****

  • ******* **** - **** NT-4040 ***** ******** ******* NT-4040_01.07.0000.0015_1120, ******** ******* *********** of *****:*****, *** ************:******. A ****** ******* ******** can **** ********** ****** to * ********** ******. Further *********** *** ** found ****** ************* ********** **** *****.
  • ****** **** - ******** devices, ********* *** *******, NVRmini2, *******, ***** *** NVRSolo **** ******** ***** to *.*.* **** ******** vulnerabilities **** ***** *** remote **** *********, ****** root *******, ****** **** deletion, *** ***** *******. Exploits *** ****** ** ExploitDB ***** ******** ***, including:*****,*****,*****,*****,*****,*****,*****,*****. **** ** ***** represents * ******** ************* that ** **** *** an ******** ** ******* against *** ******.

*****

********

  • ******** **** - ******** DVR's **** ***** ******* brands *** ******** **** multiple ********, ********* ******* to ****** ************** *** get ****** ******. ******* can ** ***** ***** *********** ****.

****

  • **** **** -**** ***** **** ***************- ****** ******** ** be ******** ******* ***** credentials, ******* ******** ***** to **** **** ******** to ******* ** ** is **** ******* **** some *****, ******* ***************.
  • ******** **** - ********* can ******** ****** ****** on *** * *** Gen * ******* **** firmware ***** ** *.**.** and *.*.* ************, ******** them ** *********** ***** as ****.********** ******* ** *** coverage ** **** *******.

*******

  • ******** **** - ********* crafted **** ***** ** attacker ** **** *****-***** privileges ** ******** *******. List ** ******** ******* and *********** ******** ******** to ******* **** ***** are ******** ** *******.

TBK (*** ***** ***, *-***, *** ****)

***

********

  • ***** **** -******** '***********' **** ******- ************ ****** ** some ** ***** ******* hosted ** * "*****-***** cloud ********" (****** *** Services).
  • ***** **** - * command ********* ************* *** reported ** ******** ***** to ***** *.*.*. ********** low **** ** *******, but ***** ****** ****** holes ** *******, **** as ******* ******, ** properly ********.

*******

  • ******* **** - ***** password **** *** ** retrieved **** ******* *********, and **** **** ** login ** *****, ******** full ******. ******* ******* in******* ******** ******** ********.

*******

  • ***** **** -******* **** ****- ******* **** **** to *** **** / admin ****** ** *** ~150,000 ******* *** **** able ** ***** ** other ******* ** *********' networks.

*******

  • ******** **** - ********* for ***** ********, ****** resulting ** ****** ** service, *** ********* *** calls. ******* ********* ****** ***** ******** Vulnerability.
  • **** **** - *** scripts ** ******* ******* can ** **** ** access ***** *** *** commands ** ****. ********** coverage:******* ******* ******** ************* for *******
  • ******** **** - ******** 0105a, *****, *** ******** other ********, *** *********** to ****** **** ************** bypassed, ******** ***** ******* to ** ****** ******* authentication. ******** ***** ***** should *** ** ********. Additional *********** **** **** security:******* **** **** ******.

****

********

  • ******** **** -******* ***/*** *************- ****** (*********) ******** uses * *********** ** port ******** ** **** enable ****** ***** **** hardcoded **** ***********.
  • ******** **** -******** *** ******** ************* - **** ************ ***** Products ***** ***** ****** Attacks
  • ******* **** - ******** firmware ***** ** ******* 2015 ******* **** ****** enabled, ***** ******* **** well-known ***** *********** ******* attackers ** **** ****** to * **** ***** and ******* *** ******. The **** ******* ******* was ******** ******, ***** ******** ***** and ******** *******, *** took **** ******** ***** and ******* ********* ** October ****. *** ** Xiongmai ***** ********* ** OEM ********* ********, **** affected ******** **** **** under ********* ******.

Beware ** **** / **********

******** *** ******** *************** often ****** ***** ****** manufactured ** ********* ****** in **** *********, ***** OEM'd ********* ********* *** the **** *********** ********. For *******, ***** ****** vulnerabilities **** ** ******* in ******* ******* ******* that *** ************ **** the **** ** ******* firmware.

** ******* ** **** is ******** *********** *************, ***** *** ********** discovered ** ******* ******* or ************ ********, ***** ******** ***, W-Box, *** ******.

** **** *** ***** brands ***** ** ********, see *** *** ***********:

Vulnerability ********* *** **********

*** ********* *** ********* each ************* ****** **** manufacturer ** ************ *** incident ** ********.

** ** ****** *** a ********** ** ******** a ************* ****** ******** and ******* **** ******* to *** ************. *********, manufacturers *** ***** * period ** **** ** correct *** ************* ****** the ****** ********* ******* or ***** ** *******. provide *** ************ **** time ** ******* *** vulnerable ******** ****** ********** details, **** ** ****** ** ******* *******, ****** **** *** published ***** ***-******** ** manufacturers.

**** ********, ************* ******** and ******** *************** ****** their *** ******** *******. For *******, ****' **** recent ************* *** ****-********** and ********* ** ************ ******** ****.

****-**-** ********** ******** ******** *************** * **** ** the ********** ******* ****** tampering (***** ** ****** Boot) ** **** **** and **** *****. **** the**** ******** *********** **** ***********.

*******, **** ** **** common **** *****-***** ***********.

Other ***************

**** ********* ** ******** to ***** ***** *************** over *** **** ******* years, *** ** *** exhaustive. ** *** **** we *** ******* ** exploit,**** ** ** *************** **** ** * tip.

Comments (14)

***** ******* **** ****! Keep **** ****** ** this ** ** ********** and * **** ** see **** ** *** topic ** ************* ******* to ******** ******** ********. For ***** *** ******* in ** ********** *********** like ****** * **** its ***** * ********** overlooked ***** **** ***** to *********.

* ** ******* *** many ****** *** ***** to ** ** ***** cyber **** ******** **** what ***** *** ***** below ***. **** ****** be ** ** *** first ***** ** **** day ** ******** ** having ****** *** **.

************* & ************** ******** Agency - ********** ******* Systems

**** ******** *************** ********

*** *** *** **** new *** **** *****************ü** *-*** ** *** G-Code | ****** **** ****.

Agree: 1
Disagree
Informative: 4
Unhelpful
Funny

******, *****, * ***** the ****** ********** ************* to *** ******** *** report.

Agree
Disagree
Informative: 1
Unhelpful
Funny

********* ****. * ****** appreciate *** ** ***** in *** ********** ********.

Agree
Disagree
Informative
Unhelpful
Funny

* ** ********* **** one *** ************* ** 3 *****. * ******* they **** **** ** them. ***** **** **** all ***.

Agree: 1
Disagree
Informative
Unhelpful
Funny

* ***** ******* ** check *** ***** *** Basic ************** ******* **** their ****. **'* *** exactly * ************* ** itself, *** **'* **** a **** ** ******** - * "******" **** with ** ***** ******.

Agree
Disagree
Informative
Unhelpful
Funny

*** **** *** *** to ********, ******** ********** it *** ** *********** to *********. **** ********* use **** ****** **** in ***** *******. ** they **, **** *** required ** ******** **** that ***********, ****** ** their ************* ** ** their ******* *********. *** can ******* *************** ** those ****** ** **** and **** ** *** products *** ******** ** in *** **** **** these ***************.

Agree: 1
Disagree
Informative
Unhelpful
Funny

**** ** *** ***...

Agree
Disagree
Informative
Unhelpful
Funny: 3

IPVM Image

****, *****, ****, ***…

Agree
Disagree
Informative
Unhelpful
Funny

****** *** *** *** ,)

Agree: 1
Disagree
Informative
Unhelpful
Funny

****** ****.

Agree
Disagree
Informative
Unhelpful
Funny

***** **** - **** it ******!

Agree
Disagree
Informative
Unhelpful
Funny

**** *** ******* **** successfully ********* ** *******ü**.

***** ** **** ** our *********, ** ************ initiated * ******** ****** for *** ** *** G-Code ******* ******, ***** is ********* ** *** partners *** *********.

*** *** **** **** information ********* ********** **** -*******ü** *-*** ** *** G-Code | ****

IPVM Image

Agree
Disagree
Informative: 3
Unhelpful
Funny

*****! *** ****-**** ******* of ********** *************** ** much **** ******** **** the *****-**** ******* ** waiting *** ******* **** to ******** ****. ************* IT ************* **** **** vulnerabilities ** ***** *** will ******* ********* *****.

Agree: 2
Disagree
Informative
Unhelpful
Funny

**** ****** *** **** updated **** *** ********* 2021 *************** *********************.

Agree
Disagree
Informative
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports