Baby Monitor Vulnerable to Attack via Newly Found Bugs

  /     /     /  
Publicated : 23/11/2024   Category : security

Baby Monitor Vulnerable to Attack via Newly Found Bugs


Researchers find holes in Victure IPC360 Camera that could give hackers access to the monitors camera feed.


Newly discovered vulnerabilities in a model of popular baby monitor could allow an outside attacker to access the camera feed or disable encryption of streams stored on the cloud.
Bitdefender uncovered the holes in the Victure IPC360 Camera used in the baby monitor, and has published details in a paper titled Cracking the Victure IPC360 Monitor.
In addition to access to the camera feed, an attacker sharing a network with the camera could also enable the RTSP and ONVIF protocols or exploit a stack-based buffer overflow to completely hijack the device, Bitdefender researchers wrote.
The list of vulnerabilities found in the model include:
AWS bucket missing access control
Camera information disclosure
Remote control of cameras
Local stack-based buffer overflow leading to remote code execution
Hardcoded RTSP credentials
The researchers attempted to reach out to Victure multiple times in 2020 to alert them about their findings, but Bitdefender only received generic responses from the company. So they decided to proceed with the vulnerability disclosure this month.
The IPC360 cloud platform serves several other camera models as well, including the Mibao Wireless IP Outdoor Camera
,
the Akaso P50, and the Robicam Waterproof 360
.
“We estimate that these vulnerabilities are affecting more than 4 million devices worldwide,” says Bitdefender in a release on the findings.
The full research report is available 
here.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Baby Monitor Vulnerable to Attack via Newly Found Bugs