
Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks

At least five models of EZVIZ Internet of Things (IoT) cameras are affected by a handful of vulnerabilities that could lead to threat actors accessing, decrypting, and downloading the video from the devices.

EZVIZ is a smart home security brand of cloud-connected hardware used across the globe, offering dozens of IoT security camera models.

As part of their ongoing research into IoT hardware security, analysts at Bitdefender identified vulnerabilities in at least five EZVIZ camera models, although the team added there could be other affected products as well:

  • CS-CV248 [20XXXXX72] – V5.2.1 build 180403
  • CS-C6N-A0-1C2WFR [E1XXXXX79] – V5.3.0 build 201719
  • CS-DB1C-A0-1E2W2FR [F1XXXXX52] – V5.3.0 build 211208
  • CS-C6N-B0-1G2WF [G0XXXXX66] – v5.3.0 build 210731
  • CS-C3W-A0-3H4WFRL [F4XXXXX93] – V5.3.5 build 22012

First, the security researchers identified a stack-based buffer overflow bug that could lead to remote code execution (CVE-2022-2471). In addition, they found an insecure direct object reference vulnerability at several API endpoints that could allow a cyberattacker to take control of the camera, and a third remote bug that lets an attacker steal the encryption key for the video, the researchers added.

Finally, a local vulnerability, tracked under CVE-2022-2472, lets an attacker take over the device in earnest.

“When daisy-chained, the discovered vulnerabilities allow an attacker to remotely control the camera, download images and decrypt them,” the IoT cybersecurity research team added. “Use of these vulnerabilities can bypass authentication and potentially execute code remotely, further compromising the integrity of the affected cameras.”

EZVIZ started issuing security updates for the cameras affected by the IoT bug beginning in June, Bitdefender disclosed.
