Security researchers disclosed seven vulnerabilities in the firmware of 390 models of Axis IP cameras that threat actors can exploit to gain full control to video streams and software, render the device useless, use as an entry point for network infiltration, or use for other attacks such as distributed denial of service (DDoS). The manufacturer released solutions for these flaws after being notified, and users of the identified models should update their firmware as soon as possible.
Researchers notified Axis Communications of the vulnerabilities after examining a number of Internet of Things (IoT) flaws affecting consumer and commercial products, including zero-day vulnerabilities. Using three of the flaws in sequence allows remote access for shell commands with root privileges, as well as other controls with accompanying proofs-of-concept (POCs) for the following:
Access to real-time video stream
Freeze the video stream
Control direction and activate/deactivate motion detection
Add to a botnet
Alter the software
Perform lateral movement after network infiltration
Render it useless
Perform other malicious tasks such as cryptocurrency mining and DDOs attacks
The researchers add that none of the flaws have been exploited in the wild, but warn that the company’s customers should immediately update their firmware to protect their systems. Axis’ presence spans more than 150 countries and offers IP cameras in public and private spaces such as casinos, banks, prisons, and transportation systems.
Trend Micro™ Smart Home Network™ customers are protected from this threat with these rules:
1134791 WEB Axis Cameras Authorization Bypass Vulnerability (CVE-2018-10661) 1134792 WEB Axis Cameras /bin/ssid Process Crash (CVE-2018-10659) 1134793 WEB Axis Cameras Dbus Unrestricted Access (CVE-2018-10662) 1134794 WEB Axis Cameras Shell Command Injection (CVE-2018-10660) 1134795 WEB Axis Cameras /bin/ssid Process Information Disclosure (CVE-2018-10663) 1134796 WEB Axis Cameras Dbus /bin/ssid Process Crash (CVE-2018-10658)
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).