Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits

Published Jul 29, 2021 18:02 PM

Cybersecurity vulnerabilities have escalated over the past few years and keeping track of who is impacted by each can be difficult.

This list, updated for 2024, compiles reported exploits for the security industry by date and by manufacturer, with a brief description of each exploit, the affected product(s) and version(s), and links to further reading for each.

Those interested in cybersecurity should also see our Cybersecurity Rankings reports:

Exploit ********

*** ******** ***** ***** * ******* of **** ************* ***** **** * link ** *** ********* ** ***** information.

***** ** **** **** ******** **** screen.

Exploits *** ******** *********

*** **** ***** ***** ***** ******** by **** ******* *** ****** *********:

***

****

  • ********* **** - ******** ******* **.**.**.**.***, and ******** ******* ********, ******* ******** vulnerabilities ********* ****-***** *****-***** ******** *** authentication ****** ********. ********** ******* ****** ******.

********

****

*****

  • ******** **** -* *************** ********, ***** ******* ******* ********* *** denial ** *******.
  • ******** **** -*****, ******** ****-******** ***************: *** **.* ******** *************** ***** with *.* *** *.* ***** ***************. The ***** **.* ************* ******* ***** BVMS *** **** *************** ** ********* data ***** ********* *** *** ** remotely ******* ****. *** ***** **.* vulnerability ******* ** ***** ***** ********* Gateway *** ** **** ******** *********** due ** *** *** ******** ******* authentication *** ******** *********.
  • ******* **** - *** ***/***/*** ***** with ******** ******* *.**, *** ******** older ********, *** ********** ** ******** where ********* *** **** *********-******* **** to *** ****** ** ****** ****** access, ***** ******** * **** ******* that **** *** ******* **************. ** special ******** ** ******** ** ***** out **** ******. ************* ******* *** proof ** ******* ******** *** ****** in ********* ******* *****.

*****

*****

Dedicated ******

  • ****** **** - ********* ****** ****, including ** ***** **-** *******, ** Advanced, **, ********, *** ***, **** with ** ******* ***********, *** ******** protocols *******. **** *** ***** ********* to **** **** *** ****** ***/** to ***** ******* ******* ****** *****. Additional ******* **** ******.

*********

****

*********

  • **** ****-********* *.* ******** ************* **** ******* Examined- *** ** ********** ********* * critical *.* ************* ** * ********* camera,***-****-****,********* ******** ************** ** * ********* GV-ADR2701 ** ******. **** ******** **** this ** *** ***** **** ********* but ***** **** *******
  • ******* **** - ** ******** ***** than ******** **** *** *** **** root ****** **** ****** * **** command ****** *** ** **** ** a *******. **** ** * ****** copy / ***** / ***** ******** IP *******. ***** *** ** ******** vulnerabilities **** ***** **** ********* * screen **** ** ******** *** ****** credentials ** ***** ****.**** ******* **** ****.

*******ü**

  • **** **** - *-*** ** *** G-Code ********* ** **** ******* ** their ************* **** ****; ** ************** bypass ************* *** **** **********. *** existing **** ****** ************ ***** ***** attackers ** ****** *** ****** ******* that *** ***** ****** **** *********. More******* **** **** ****.
  • ******** **** - ** *-***/***-**** **** firmware ******* *.**.*.** ** ************** ****** vulnerability *** **** **********. *** ******** file ****** ************ ***** ***** ********* to ****** *** ****** ******* **** may ***** ****** **** *********. ******* in*** **** ********.

******

***

*********

*********

  • ******* **** -********* ****** *** & *** *************- ********* *** **** ** ******** execute **** *** *** *** ********* vulnerability ** ******** *** ***** **** unauthenticated ****** ** *** *** **** interface **** ***** ******.

*******

  • ******** **** -******* ******** *************, **** * *.* **** *****, impacting ******** ********* **** ** *********** and *********** ********. **** ******** * critical ************* **** ******* ** ************** bypass ******* * *** ** ********'* implementation ** *** *** ********.

*****

  • ***** **** -***** *************** **** ** **** *******- * ***************: ******* ********* *************** with ********, ***, *** ***, ********* credentials, *** ********* **** ******* ************* with ***** ****.

*********

  • ******** **** - ********* ****** ******** prior ** ~******** **** *** ******* a ****** ** *************** ********* ****-***** credentials *** *** ******* ** ******* admin ******** *** *************** *** *****, making *** ******* ****** ********** ** attacks.

**********

  • ****** **** - **** *** **** service *** ********** ** ******** ***** of ****** ******** *******. ******* *** uPNP ** **** ***** ** ********, making **** ******* ** ******* ** many ********. ~**** ***** ********. **** details ************* ********** ** ********** *************.

*******

Network *****

****

  • ******* **** - **** **-**** ***** firmware ******* **-*******.**.****.*********, ******** ******* *********** of *****:*****, *** ************:******. * ****** network ******** *** **** ********** ****** to * ********** ******. ******* *********** can ** ***** ****** ************* ********** **** *****.
  • ****** **** - ******** *******, ********* the *******, ********, *******, ***** *** NVRSolo **** ******** ***** ** *.*.* have ******** *************** **** ***** *** remote **** *********, ****** **** *******, remote **** ********, *** ***** *******. Exploits *** ****** ** ********* ***** multiple ***, *********:*****,*****,*****,*****,*****,*****,*****,*****. **** ** ***** ********** * critical ************* **** ** **** *** an ******** ** ******* ******* *** device.

*****

********

  • ******** **** - ******** ***'* **** under ******* ****** *** ******** **** multiple ********, ********* ******* ** ****** authentication *** *** ****** ******. ******* can ** ***** ***** *********** ****.

****

  • **** **** -**** ***** **** ***************- ****** ******** ** ** ******** without ***** ***********, ******* ******** ***** to **** **** ******** ** ******* so ** ** **** ******* **** some *****, ******* ***************.
  • ******** **** - ********* *** ******** enable ****** ** *** * *** Gen * ******* **** ******** ***** to *.**.** *** *.*.* ************, ******** them ** *********** ***** ** ****.********** ******* ** *** ******** ** this *******.

*******

  • ******** **** - ********* ******* **** allow ** ******** ** **** *****-***** privileges ** ******** *******. **** ** affected ******* *** *********** ******** ******** to ******* **** ***** *** ******** by *******.

TBK (*** ***** ***, *-***, *** ****)

******

***

********

  • ***** **** -******** '***********' **** ******- ************ ****** ** **** ** their ******* ****** ** * "*****-***** cloud ********" (****** *** ********).
  • ***** **** - * ******* ********* vulnerability *** ******** ** ******** ***** to ***** *.*.*. ********** *** **** of *******, *** ***** ****** ****** holes ** *******, **** ** ******* shells, ** ******** ********.

*******

*******

  • ***** **** -******* **** ****- ******* **** **** ** *** root / ***** ****** ** *** ~150,000 ******* *** **** **** ** pivot ** ***** ******* ** *********' networks.

*******

  • ******** **** - ********* *** ***** overflow, ****** ********* ** ****** ** service, *** ********* *** *****. ******* in******* ****** ***** ******** *************.
  • **** **** - *** ******* ** Vivotek ******* *** ** **** ** access ***** *** *** ******** ** root. ********** ********:******* ******* ******** ************* *** *******
  • ******** **** - ******** *****, *****, and ******** ***** ********, *** *********** to ****** **** ************** ********, ******** video ******* ** ** ****** ******* authentication. ******** ***** ***** ****** *** be ********. ********** *********** **** **** security:******* **** **** ******.

Wansview (** *****)

****

********

  • ******** **** -******* ***/*** *************- ****** (*********) ******** **** * combination ** **** ******** ** **** enable ****** ***** **** ********* **** credentials.
  • ******** **** -******** *** ******** ************* - **** Manufacturer ***** ******** ***** ***** ****** Attacks
  • ******* **** - ******** ******** ***** to ******* **** ******* **** ****** enabled, ***** ******* **** ****-***** ***** credentials ******* ********* ** **** ****** to * **** ***** *** ******* the ******. *** **** ******* ******* was ******** ******, ***** ******** ***** *** ******** devices, *** **** **** ******** ***** and ******* ********* ** ******* ****. Due ** ******** ***** ********* ** OEM ********* ********, **** ******** ******** were **** ***** ********* ******.

Beware ** **** / **********

******** *** ******** *************** ***** ****** other ****** ************ ** ********* ****** in **** *********, ***** ***'* ********* typically *** *** **** *********** ********. For *******, ***** ****** *************** **** be ******* ** ******* ******* ******* that *** ************ **** *** **** or ******* ********.

** ******* ** **** ** ******** *********** *************, ***** *** ********** ********** ** Amcrest ******* ** ************ ********, ***** ******** ***, *-***, *** others.

** **** *** ***** ****** ***** be ********, *** *** *** ***********:

Vulnerability ********* *** **********

*** ********* *** ********* **** ************* varies **** ************ ** ************ *** incident ** ********.

** ** ****** *** * ********** to ******** * ************* ****** ******** and ******* **** ******* ** *** manufacturer. *********, ************* *** ***** * period ** **** ** ******* *** vulnerability ****** *** ****** ********* ******* or ***** ** *******. *********** ******* the ************ **** **** ** ******* the ********** ******** ****** ********** *******, such ** ****** ** ******* *******, ****** **** *** ********* ***** non-response ** *************.

**** ********, ************* ******** *** ******** vulnerabilities ****** ***** *** ******** *******. For *******, ****' **** ****** ************* was ****-********** *** ********* ** ************ ******** ****.

****-**-** ********** ******** ******** *************** * **** ** *** ********** against ****** ********* (***** ** ****** Boot) ** **** **** *** **** S3008. **** ******* ******** *********** **** ***********.

*******, **** ** **** ****** **** third-party ***********.

Other ***************

**** ********* ** ******** ** ***** major *************** **** *** **** ******* years, *** ** *** **********. ** you **** ** *** ******* ** exploit,**** ** ** *************** **** ** * ***.

Comments (19)
Kevin Mundy
Jul 29, 2021
Stanford University

***** ******* **** ****! **** **** coming ** **** ** ** ********** and * **** ** *** **** on *** ***** ** ************* ******* to ******** ******** ********. *** ***** not ******* ** ** ********** *********** like ****** * **** *** ***** a ********** ********** ***** **** ***** to *********.

* ** ******* *** **** ****** who ***** ** ** ** ***** cyber **** ******** **** **** ***** two ***** ***** ***. **** ****** be ** ** *** ***** ***** of **** *** ** ******** ** having ****** *** **.

************* & ************** ******** ****** - Industrial ******* *******

**** ******** *************** ********

*** *** *** **** *** *** from *****************ü** *-*** ** *** *-**** | CISA** **** ****.

John Scanlan
Jul 29, 2021
IPVM • IPVMU Certified

******, *****, * ***** *** ****** Geutebruck ************* ** *** ******** *** report.

Undisclosed Integrator #1
Jul 29, 2021

********* ****. * ****** ********** *** of ***** ** *** ********** ********.

Undisclosed Integrator #2
Jul 30, 2021

* ** ********* **** *** *** vulnerability ** * *****. * ******* they **** **** ** ****. ***** like **** *** ***.

Undisclosed Manufacturer #3
Jul 30, 2021

* ***** ******* ** ***** *** still *** ***** ************** ******* **** their ****. **'* *** ******* * vulnerability ** ******, *** **'* **** a **** ** ******** - * "locked" **** **** ** ***** ******.

Undisclosed Integrator #4
Jul 30, 2021

*** **** *** *** ** ********, although ********** ** *** ** *********** to *********. **** ********* *** **** source **** ** ***** *******. ** they **, **** *** ******** ** publicly **** **** ***********, ****** ** their ************* ** ** ***** ******* somewhere. *** *** ******* *************** ** those ****** ** **** *** **** if *** ******** *** ******** ** in *** **** **** ***** ***************.

bashis mcw
Jul 30, 2021

**** ** *** ***...

Undisclosed #5
Aug 02, 2021
IPVMU Certified

****, *****, ****, ***…

bashis mcw
Aug 04, 2021

****** *** *** *** ,)

David Leinenbach
Jul 31, 2021

****** ****.

David Fitches
Aug 01, 2021

***** **** - **** ** ******!

Paul Mockenhaupt
Aug 02, 2021

**** *** ******* **** ************ ********* at *******ü**.

***** ** **** ** *** *********, we ************ ********* * ******** ****** for *** ** *** *-**** ******* series, ***** ** ********* ** *** partners *** *********.

*** *** **** **** *********** ********* mitigation **** -*******ü** *-*** ** *** *-**** | CISA

John Bredehoft
Aug 02, 2021
Bredemarket / Incode Technologies

*****! *** ****-**** ******* ** ********** vulnerabilities ** **** **** ******** **** the *****-**** ******* ** ******* *** someone **** ** ******** ****. ************* IT ************* **** **** *************** ** occur *** **** ******* ********* *****.

John Scanlan
Sep 20, 2021
IPVM • IPVMU Certified

**** ****** *** **** ******* **** the ********* **** *************** *********************.

John Scanlan
Oct 06, 2021
IPVM • IPVMU Certified

**** ****** *** **** ******* **** the******* **** *************** **** ****.***********-*********************** **** **** ********** ** **** firmware ** * ************* **********, ********* 300+ ******.

Salvador Martinez
Nov 04, 2021

* ** ** **ï**...

Fawaz Owayda
Jan 17, 2022
IPVMU Certified

***, **** ** **** ********. ***** you *** *** ****.

Andrew Myers
Mar 30, 2022
Garrett Lucas
Jun 28, 2022

***** **** **** *******.