Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks

  /     /     /  
Publicated : 23/11/2024   Category : security


Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks


Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.



At least five models of EZVIZ Internet of Things (IoT) cameras are vulnerable to a handful of vulnerabilities that could lead to threat actors accessing, decrypting, and downloading the video from the devices.
EZVIZ is a smart home security brand of cloud-connected hardware used across the globe, offering dozens of IoT security camera models. 
As part of their ongoing research into IoT hardware security, analysts at Bitdefender identified vulnerabilities in at least five EZVIZ camera models, although the team added there could be other affected products as well: 
CS-CV248 [20XXXXX72] - V5.2.1 build 180403
CS-C6N-A0-1C2WFR [E1XXXXX79] - V5.3.0 build 201719
CS-DB1C-A0-1E2W2FR [F1XXXXX52] - V5.3.0 build 211208
CS-C6N-B0-1G2WF [G0XXXXX66] - v5.3.0 build 210731
CS-C3W-A0-3H4WFRL [F4XXXXX93] - V5.3.5 build 22012
First, the security researchers identified a stack-based buffer overflow bug that could lead to remote code execution (CVE-2022-2471). In addition, they found an insecure direct object reference vulnerability at several API endpoints that could allow a cyberattacker to take control of the camera, and a third remote bug that lets an attacker steal the encryption key for the video, the researchers added. 
Finally, a local vulnerability, tracked under CVE-2022-2472, lets an attacker take over the device in earnest. 
When daisy-chained, the discovered vulnerabilities allow an attacker to remotely control the camera, download images and decrypt them, the
IoT cybersecurity
research team added. Use of these vulnerabilities can bypass authentication and potentially execute code remotely, further compromising the integrity of the affected cameras. 
EZVIZ started issuing security updates for the cameras affected by the
IoT bug
starting in June, Bitdefender disclosed.

Last News

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks