BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Zavio IP Cameras Multiple Vulnerabilities

Disclosed May 28, 2013    Zeroday : 424 days

Vulnerability Description:

Zavio IP cameras contain multiple vulnerabilities, ranging from hard-coded credentials to command injection. These vulnerabilities may be leveraged to allow a remote attacker to gain unauthorized access to camera devices and possibly sensitive information.

Vendors:

Zavio

Vulnerable Software/Devices:

Zavio F3105 and F312A IP cameras, but other models may also be affected.

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Remote Code Execution
Exploitation of this vulnerability is possible through the use of injecting arbitrary commands. Remote attackers who successfully exploit this vulnerability will be able to execute commands on the vulnerable system.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 19788 - Zavio IP Cameras Multiple Vulnerabilities (Zero-Day)

Mitigation:

Do not leave cameras publicly facing to the Internet. Enable RTSP authentication to prevent anyone from viewing video streams from the device. Limit access to manufacture.cgi and wireless_mft.cgi, and check the parameter General.Time.NTP.Server in requests for /opt/cgi/view/param.

Links:

CVE(s):