Security Affairs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

How to hack surveillance cameras from 70 vendors

A security researcher has discovered that surveillance cameras sold by more than 70 vendors worldwide were vulnerable to Remote Code Execution (RCE). According to the security researcher Rotem Kerner, surveillance cameras from 70 vendors are vulnerable to Remote Code Execution (RCE). The researcher noticed that the vendors are selling products using the same firmware that is affected […]

How to hack surveillance cameras from 70 vendors

A security researcher has discovered that surveillance cameras sold by more than 70 vendors worldwide were vulnerable to Remote Code Execution (RCE).

According to the security researcher Rotem Kerner, surveillance cameras from 70 vendors are vulnerable to Remote Code Execution (RCE).

The researcher noticed that the vendors are selling products using the same firmware that is affected by an RCE vulnerability.

In the “white labeling” business model, various vendors simply sell the same product by applying their logo on the device, unfortunately, they never perform hardware and software qualification.

The vulnerable firmware is developed by a Chinese manufacturer TVT, Kerner that analyzed it discovered how to compromise DVR boxes of the CCTV systems.

The firmware analyzed by Kerner is used in products from an Israeli company selling CCTV systems, the code implements a vulnerable HTTP server.

cctv camera installation surveillance cameras

The security vulnerability relies in the server checking if the directory of a given language exists. If the folder doesn’t exist the software executes an extraction command opening the door to a a remote command line execution.

Below the explanation provided by the researcher:

It reads the URI, and if it contain something like the following – /language/[language]/index.html

its going to extract the [language] in between the slashes and check
if the directory exists, if not it is going to execute this command 

tar –zxf /mnt/mtd/WebSites/language.tar.gz [language]/* -C /nfsdir/language
This basically gives us a remote command line execution. Awesome!

Kerner also published a proof-of-concept code for the vulnerability affecting the firmware.

Kerner noticed that tens of thousands of products are currently the same vulnerable implementation of the HTTP server. His affirmation is motivated by the results produced querying the Shodan search engine, however, the number of vulnerable devices not reached by Shodan could be much higher.

“A quick Shodan query, revealed their distribution; a total of over 30,000(!). Quite a lot and yet I’m sure this is only a small portion of them.” said the researchers.

Kerner tried to report the issue to the original manufacturer TVT, but he has received no response, so he decided to disclose a list of vendors selling then devices with flawed firmware.

Pierluigi Paganini

(Security Affairs – surveillance cameras, hacking)

[adrotate banner=”9″]