Security researchers disclosed seven vulnerabilities in the firmware of 390 models of Axis IP cameras that threat actors can exploit to gain full control of video streams and software, render the device useless, use it as an entry point for network infiltration, or use it for other attacks such as distributed denial of service (DDoS). The manufacturer released solutions for these flaws after being notified, and users of the identified models should update their firmware as soon as possible.
Researchers notified Axis Communications of the vulnerabilities after examining a number of Internet of Things (IoT) flaws affecting consumer and commercial products, including zero-day vulnerabilities. Using three of the flaws in sequence allows remote execution of shell commands with root privileges, as well as other controls, with accompanying proofs of concept (PoCs) for the following:
The researchers add that none of the flaws have been exploited in the wild, but warn that the company’s customers should immediately update their firmware to protect their systems. Axis has a presence in more than 150 countries and offers IP cameras for public and private spaces such as casinos, banks, prisons, and transportation systems.
This report adds to a growing list of IoT concerns. Here are a few ways to mitigate these risks:
Trend Micro™ Smart Home Network™ customers are protected from this threat with these rules:
1134791 WEB Axis Cameras Authorization Bypass Vulnerability (CVE-2018-10661)