Vulnerability *******
***-****-**** ** ****** ** * ******** ***** of **.*, *** ********* * ************* in * *** ****** **** *** be ********* ** ***** ** *************** attacker (*********) ** ******* ***** ******** as ****. ***-****-**** ** ****** ** * *.*, *** describes * ************* ** * ******** cgi ****** **** *** ** ********* to ***** ** *************** ******** ** read *** **** ** *** ******, including ****** ***** **** ** *** password ********.
Original ********** ** ******* **********
******* **, * ******** ********** ** ***** who **** **** ** "********" *** "Chromium1337"********* ******* ** *** ******** ** June ****. ** ********* *********** *** ********** a ******* ******** ***** *** ********, and ******** **** ***** ******** *** exploiting **** ** ***** ***************.
NOT ********* ** *************** *****
***** *** ***'* ***** **** *** vulnerabilities ** *** ******* * ***** to *******, **** ******* *** *** researcher reporting *** ************* *** *********** **** a ******* ********, ****** *** **** ************ *** the ****** ** ***** ****** ****** with ** ***** ********.
Admin-Level ****** ********
*** *************** ******** ******* ** *** web ********* **** *** ************** *****, and ** * ******** ********** *** only ********** ** ***** **** ** admin-level *****. ***** ***** *** ********* the ******* *** *************** ******, ******* ************ recommends ******* ***** ****.
************* *** ***'* ** ******* *** requirement ** **** ******* ****** ** the ****** ***** *** ******* ***** by *, *** ***** *** ************** score *** **** **** ** ** 8. ***** ***** *********** **** ** overall ******* ***********, *** *************** ****** much **** ****** ** ** ********* in ****-***** *********.
Default ** ********
*** *******, ********* *** ************ ** this *****, ** **** ******* ******** to ** ********, ******** *** **** to ****** *** ****** ****** * password ** ***********. **** ** * security **** ** ******.
*******'* ******** ********* ***** ********* *** **** ******** ** *** first **** ***** ********* ********, ************ users *** * ****** ********, *** warning ** *** ***** ** ***** weak ** ** *********. ***** *** follow *******'* ***** *** ******* **** passwords ***** ************* ****** *** ******* of ***** *************** ***** *********. *******, Vivotek ***** ******* *** ******** ** forcing ****** ********* ** *******.
Vivotek Working ** ******* ********
******* ****** **** **** **** ***** of **** ************* **** ***** *********, and **** **** ******* ** ******** updates ** ******* **. ********** ****** ** ************, ********** ** **** ******** ******* available ** **** **, ****.
OEM/ODM ****** *** ********
******* **** ******** ***/*** ******** *** some ********* ** *** ********. ********* to *******, ** **** ***** ***** products *** ******** ********* ** *** company ***'*** *** *******, *** **** those ******** ***** *** **** *******'* scripts, *** ********** ***************.
Few ******** ********** *******
* ****** ***** ******** ********** *** publicly-accessible ******* *******, *** **** ** those ******** ** ************** *****, ********** they *** ********* ** ***** **** level ** **** ********.

Risk ********-***
*******, ***** *************** **** * ********** low ****, ************ ******* ***** ****** level *** ** ************* ******* **** by ******* * ****** ***** ********, something ********* ***** *** ******* **, if **** **** *** *******. *******, because **** ** ***** *** ********* for ********* ** *** ****** ** critical ***** ** *** ******, ** possibly **** *** ****** **** * botnet ******, ****** ** ******* ******* should ****** **** *** *** ******* root ********* *****, ** ***** **** passwords.
UPDATE **** **
******* *** ******* ******* ******** *** the ******** ******. ******** *** ** found ** *******'* ******* ****, *** ******** **** **** * "2017.07" ****.
Comments (1)
Brian Karas
UPDATE: Vivotek did release updated firmware for the affected models. Firmware can be found on Vivotek's support page; new firmware will have a "2017.07" date.