Cybersecurity Startup VDOO Disclosing 10 Manufacturer Vulnerabilities Starting With Axis And Foscam

Author: IPVM Team, Published on Jun 20, 2018

Cybersecurity startup VDOO has uncovered significant vulnerabilities in Axis cameras, along with vulnerabilities in other manufacturers' devices that have not yet been publicly disclosed.

In this report, we examine the company and its funding, their vulnerability research, and the value/impact of the vulnerabilities.


Company ********

**** *** *********** ** ****** ** **** ***** *****,**** ******, ******* *****, *** *** **** ****** *********** ** ******* ********. ***** and ***** **-******* ******, ** ******** ******** ****, ***** *********** ** **** **** ******** ** ****. ******* ***** ********* **** **** ****** *** ***, ** well.

* ******* **** ** ****'* ******* ** ****** ******* ** their *******:

**** **** ** ****** *** ******** ********* (**) *** ********* Devices.

***********, **** ** ******** ** ****** *** ***** *** ****** manufacturers (*** ******) * ************ ******* (~$**,*** ** ******* * manufacturer's ********) ***** ********* ************* ****** ** *** ******* *** firmware.

**** **** **** ** ******* (****) * *********** **** ******** the ******* *** **** ******* ** ***** ****** ** * non-vulnerable ******. **** **** ** ********* * ******** ******* *** "post-deployment **********", ********** ** ******* *************** **** ******** ***** ********** a ******* ** ***-**********.

*******

**** ******** *********$** ******* ** ****************,**** ************ *******, *** ***** ********* *********.

**** ***** **** **** **** ** *** **** *******:

** ******* *** ************* ****’* *****-**-***-**** ******** ** ****** (***) security ********, ***** ******** ** *********, ***-**-*** ******* **** ******** devices, ******** *** ***** ******** ************ *** ************** ******** ***** on **** ********, *** ******** ******** ************* *** * **** range ** ********* *******.

Axis ************* *******

**** ********* ***** *************** ** *** ****' ******** **** (******: as ** */**/****, ******* **** **** ***** ** *** **********):

***-****-*****,***-****-*****,***-****-*****,***-****-*****,***-****-*****,***-****-*****,***-****-*****

***** *** ** * **** **** ***** **** *** ****** in **** ************** ****** ** *** ******. *** ******* ******** to ******* ** ****** ** *******, ********* ******** ***** *** advanced *********, ****** ******* ****** *************** **** *******'* ********* ************* ************ ************* *** ****** **** **** ****** *******.

*******, **** **** *********** *** ******, ** ** **** * matter ** **** *** ********** *** *** ****** **** **** advanced ****** ** ****** ******* ***** ******** ***** *******, ****** these *************** **** ******** *** ***** ** *****.

Impact ** *************

*** *************** ******* * ******** *********** ** ***** ** **** and **** ********* ** ****** ** **** ** ****** *** camera ******, ***** *** ******'* ******** (****** *********, **** ***********, video *******) ** *** *** ****** ** * ******** ** other ******* ** ****** *** *******.

**** ****** ************* ******, ***** ****** **** ** **** ************ access ** *** ******* ******** ***.

**** ***** ***** ************ ** ******** ** **** **** ***** overlay ** * ********** ******:

***** ******* ***** ********, *** ******* (** ******* - * small **** ****) ******* ** *** *** **** ****** ** the ***** ******:

Foscam *************

** ******** ** *** **** ***************, ******* ** ****, **** also ********** "***** ***************" ** ****** *********** **** ********* ** ******'* ******** ****. ********* ***** ***** vulnerabilities, ********* *** ***** *** ******* *** ******'* *** ******, inject ********, *** **** **** *** ******.

Botnet ****

**** ****** ** ***** ******* **** **** *** **** *** Foscam *************** *** *********** ** **** ** *** ******* ** a ****** *** **** *** ****** **** *******, ******* ******, or ***** ********. ** ******** ** *** ***** ******, ***** devices *** ***** ****** ********** ** *** **** ******** ******* but****** ************* *******.

VDOO *************** ** *************

** **** ***********, **** ** ************ ******** *********** **************:

  • ****** ******* ********** **** *****: ** *** *** *** ********* as "****"
  • ****** ***** ************: ****** ******** ******** *** ******** ***** *******
  • ****** ******** *****: **** ** ****** *********** ****** ******* ** analyze ******** *** **** ** *******

Axis ********

**** ********** ******** ** **** ********** **** ** ******** ******** *** ******* ********** ****** *** *************** ** *****, ***** ******** *** ********* Axis ****** ******.

More *********** ****** / ******** ******

**** *** **** *** ******, **** **** ** ********** **** vulnerabilities **** **** *************, **** *** *********** ********** ******* ***.

**** ***** **** * ******** ****** ** *** ************* ** the ***** ************ ********, ***** *** **** * ****** ********* focus *** **** *************. ************* ******** **** *** *** ****** significant ******** ********* ****** ** **** ** *** ************* **** have ******** **** ******** ***************. ****, ***** *** ******* **** they *** ****** *** ************, *** **** ** ******* **** are ******** *** *** **** *** *********** *** ******, **** may **** * ********* **** ******* ********.

Addendum: **** ******** ** *********

***** ** ******** *** ********** ********* ** *** ******* ******, we ******* **** * **** ** ********* *** **** *********. There *** * *** ********* ****** ** ******* **** ** are ***** ** ********** **** **** *** *************, *** ** will **** ***** ********* ** **** ** ** ******* ****.

****: ** ***** **** ***** *** ********** **** ************* *** they **** *** *** *********, ** **** ***** **** *** details *****.

  • *: **** ** *** ******* / ****** **** **** ******** follows *** * ************ ** ******* * *******? **** * manufacturer **** ***** ******* ** ***?
  • *: "**** **************-**************** ** ******** ** *** ******'* ******** ****, **** ** does *** ******* *** ****** ** *** ******** ****** ** to *** ****** ****. ** **** ******** ** ********* ******** to ***** *** ************ ** ******** ********* ********-********* ******** ****** and ***** ******** ** ******"
  • *: *** *** ********** *** ***** ****** ** ******** *** firmware/software ** **** ********?
  • *:*** ******** ******* ******* ******-******** ******** ************, ******** ** *** specific ***** ** *** ******, ***** *** ******** *** ******** components *** *** ******** **** *******.
  • *:*** *** ******* *************** ** ** ****** ******** **** **** been ****** ********** ** ***** **********, ** *** **** ****** across **** *** *********?
  • *:** *******, ****** *** ******** **’** **** **** ********* **** one ******’* ****** ** *** ** ****. **’** **** **** in ********* ******* ** **** ** ** **** “*********” *** products & ******* ** *** ****** ** ****** *** ********.
  • *: ** **** ******* ****** *** ***** *********** ****** ** grab *********?
  • *: *** ******** ** ** ** *** ** *** *** not ** ************* ***** ******** ** * ******* “***********” ********* effort. ** *** * ***** **** ** ******** ** (*) vendor ******** (**** ** ******) - ** *** *** ****** properly, ** **** ** (*) **** ******** - ** **** sure **** ******** *** ********* ******, **** ** ** ****** is *** **********; *** (*) ******* *********** ** *** ******** vendor ** **** ** “******* *******” ** ***** ******* ** better ********* ******** *** *** ******** ************ *** ****** *****.
  • *: *** ***** ***** ******** ********** *** *** ********* ********/******* vulnerabilities ***** ***?
  • *:** **** ******** ********* ******* *******, * ******* ***** ******** the *************** ** ********* ******* **** *** ****** *** ******** fields *** ************ **** *** ************ ******* ********. **** ***** these **** ** ******** ***** **** **** ****** ****** ** business ********** *****, ****** ** ********** “********” ** *** ******** and ******* *** ***** ***** ** ********.
  • *: *** **** *** ******* ****** ************ ******** **** ******* when *** ******* ****? **** *** **** *******/*********?
  • *:** **** ********* ** ******** **** *** *** ******* ************* we **** **** ******* **** **** ******* *** *********** **** they *** ** ****** ****** *****-******** *** ** *** **** the ********* ** ** “*******” ** “*********”. **** ********* **** they *** ***** ***** **** *** **** ** ***** ********* regarding ***** ********’ ********.
  • *:** ***** ************ ****** ********* ** **** ** *** **** service **** **** *** **** **** **** *** **** **** and ******? *'* *** *** ******* ************* *** *******, *** this ***** * ****** **** *********, ****** **** *** ****** are ***** *******
  • *:***** ** * ***** *********** ******* *** ************* ********** *******, where ** **** ******** ** **** **** ***** ************ ***** on *** ******** **** ******** ********** **. * ************* ****** in ***** ******** ********** ***** ************* ********* ** **** * fraction ** **** **** ** ********* *** *** *** ** product & ********, *** **** * **** ** ************* *** entire ******** ******* ** *** ************* ********. ********, **** * manufacturer ************* **** *** ********* ******** **** ********, ** * web ******* ******* ****** ** *** ************ ******* *** **********, the *********** ************* ********* ** *** ******** ****** *** *** process **** *** ** ****** **** **, ***** ** **** not ** **** ** ****** ** *** ******* **. ** the ************ ******* ** ******* *** *******, ** **** ******* this *********** *** **** *********, *** ************* ******* **** ** shared ********. ** *** *** ***** **** **** *********, ** provided **** **** ***** **** (**. ******** **** *********) *** the ************* ** *** ***** ***************, ** **** ** ********, verification **** ***** ********** ****** ******* *** *************** *** ******** they ******* ***** ********'* *****.

Comments (33)

** ********* *** ***** ********* ***** ***** ******** **** ***** issue ***** **** * ****** ****** ** ***** ****** **** review ***. **** ****** *** ** **** **** ********** *** commitment **** ** ****** **** ** **** ********.

****** **** * ***** ****. * ****** **** *** ****** to ** *** ** ** *** ************* *****. ** ** $50,000 *** ******* ** $**,*** *** *** ********? ** $**,*** for **** *******, **** ** ****** *****. $**,*** ********** ** have *** ******** ****** **** ***.

**** ** ** ******** **** ****, **** *** ******** **** an******************* ** **** ******, ********* ** *** **** ********* ********* of ****/******** *** ********. * ***** ******* ************* **** ****** and ******* ******* ***** (*****, ****** *******, *********, ***) ***** have ** *** ****.

*****: ********** ** *********, *** ***** ********** *** *starting ***** for pricing to manufacturers.

***, **** ** * **** ***** *** * ************. * hope **** **** ******** ** * ***** **** ** * great ****. ** **** ** ******** ****** **** **** **** manufacturers *** **** ** ** *** ***** ******** ********* **** an ******** ******* ******.

*** ** ** ***** ** *************, *****? *****...?

* **** **** *******.

**’* **** *** ***** ******** ** ** *** ******** *** security *******. * **** *** ************ *** **** ** * resource. **** **.

********* ****** ****** (***** ****) ** ****** ** **** *** quite ******* *** ********** * **** ***, **** *** ****!

***** **** *** ******** **** ***** *** ************, ***'* *** hope ************ *** **** ***.

********* ****** ****** (***** ****) ** ******...

**,*** *** ******* *******?

**** ***** *** ******** ** ***** ** *** **** ************* Scanner?

***: ***, ** ****** **** *** *** *************** ***** ** next ****.

*** *** **** ******* ******* **** ***** ** *****, *** cannot ******* ******* **** ***** ** *** *****.

********* **’** ****** ***********?

**** ****** ****/***** **** *** ****** ******* ** ****** ***** version ** *** ******* ****.

*******, *** **** ** ****** **** ******** ********* ****** ** inspirational ***** ** ******* *** **** ** *****.

*** ***** **** **** ****** **** **** *** ***** ** the ******** ******.

********* ********-** ***** ** **** *** ***** *** ****** *** honoured *** ******* ** ***** *** ********** ***** ** ***********.

******** *** ******* **** ** **** *** ****** *** *** maximum ****** ** *** ** *** ********'* **** ********, ** lies **** *** *******/****.

********* ********** ** ****. ****** *** ****** ***********, ****.

** ** ********** ** *** *** **** **** ******** ***** take ** **** ***** ** ******** ******** ** *** *************** born **** ***** ***********.

********* ********** *** ******** *********, ******** ********** *** ************ ** take * **** **** ** ***** *****-*** *********.

*** ***** ** ****.

*** **** ** ************** *******.

** *** ****** **** *** ****.

**** *******, ** ***** ************ ****** ********* ** **** ** for **** ******* **** **** *** **** **** **** *** with **** *** ******? *'* *** *** ******* ************* *** cameras, *** **** ***** * ****** **** *********, ****** **** and ****** *** ***** *******.

**** ****** ***** **** ** ***, ** *** **** ** pay >$**,*** ** **** **** ********** ********, **** **** *** usually *** ****?

** ***** ** **** **** *** ***** **** *** *********.

****** *** *** ********, * ******* *** ** **** *** a ********.

** *******, * ****** ******* **** ***** ******* * ******* as ***-**********, *** **** ********** ********, ******* *** ******* ** the ************, ********* **** ******?

***** ******* * ******* ** ***-**********, *** **** ********** ********, without *** ******* ** *** ************, ********* **** ******?

*** ******* ** *** ********. ***'* *** * *** *********. I **** ** **** *** *** "*** **** ** **." I *** ** *****. * ***** ***** **** ***** **** and **** ** ***** ** ******** ***************. *** ******** **** is: ** * ****** ** ****, **** **** ******** ***** vulnerabilities?

* ***, *** *** **** ******* ** *** ***-********* *****. I ******* ***** ***** ** ******** ** *** ************ *** trying ** **** * *** ******* ** * ******** ***** to ******* *** ************* ****.

****, *** ****** ******** ********** ****** ******** ***** ************* ******.

**** ** ***** * *** ****** ****, ** **** **** not **** * *********** **** **** *** ********* ****. *** example ******** ****, ** **** **** **** *** **** *************, will **** *** **** ********* ** **** *** *** **** ISN'T ***** ******. ** **'* *** ******, ***** ** ** a ****** ********* ***** **. **** ** $**,*** ** ** will ***** ** ******* ***** **** *************.

** **** *** *** ********* **** *** **** $***, **** thats ****** ****** *** * **** ******* **** ********* ***** business **** ****. **** ****** ***** *** ****** ** ** the *************.

* ***** ****** **** *** ****** ********* ********** ***** *** to ****** ********* *** ********* ******** ***** ** *****.

* ***** ********** ** **** ***** *** ******* ** *** manufacturer *** *** ******* ** *** ************* ** * ********** amount ** ****, *** ****** ****** ********. *** **** **** I ***** **** ***** **** ** ****** *** ************ ** that **** ******* *** *** ***** ** ****** ******** ******* that **** *** *** ****.

**** ***** *****, ****** *** ********** **** *****.

* ***** ********* ** * ****** *** ** *** **, unless **** **** *********** ********** *************** *** ***-******** ** **** point.

** * ************ ***** ***** ***** ***** ********, *** $*** is ***** **** *****. ** ***** * ********** ** ***** security. ****, ****/** * ************* ** *****, * ***** ****** VDOO ***** **** **** * ***** ** *** **** ** patch ****** **** **********. ** **** **** *** ******** *** issue *** **********, *** *** ************ ***** ***** ********** ** cyber.

************* ***** ***** $ ** *********** *******...

* ***** ***** **** ***** **** **** ******** ********* ** manufacturers **** ** ********* ** ******** ***** * ************* ****** of **** ** ******** **** *** ******* ******** *** *** disclose *** ***** ****** *** ***-******* ******, ******** **** **** before *******.

************* ******* ** ********* ****** ** ***** * ***** **** to **** ********.

**** ** **** *** ********** **** ******* (***** *** ****** have ****** *** ** *** ***'* **** **** ***** *****.)

****** ******, * **** ** ****** *** **** ** **** that, *** **** ** ******** *** ** *** **** ***** details **** ******** ** *** ***(*).

**** ******** **** ********** ** *** ****** **** **** *** CVE ********* ******* **** **** *****, ** **** ****** ***** to ****** ****.

* ***** **** *****/***** **** * ***** "******" *** ******** devices....

** ******** ******* *** **** ***** ** *** ******.
