Widely Used IoT Cameras Need Patching to Fend Off Catastrophic Attacks

Written by admin

At least five models of EZVIZ Internet of Things (IoT) cameras are vulnerable to a handful of flaws that could let threat actors access, decrypt, and download video from the devices.

EZVIZ is a smart home security brand of cloud-connected hardware used across the globe, offering dozens of IoT security camera models.

As part of their ongoing research into IoT hardware security, analysts at Bitdefender identified vulnerabilities in at least five EZVIZ camera models, though the team added there could be other affected products as well:

  • CS-CV248 [20XXXXX72] – V5.2.1 build 180403
  • CS-C6N-A0-1C2WFR [E1XXXXX79] – V5.3.0 build 201719
  • CS-DB1C-A0-1E2W2FR [F1XXXXX52] – V5.3.0 build 211208
  • CS-C6N-B0-1G2WF [G0XXXXX66] – v5.3.0 build 210731
  • CS-C3W-A0-3H4WFRL [F4XXXXX93] – V5.3.5 build 22012

First, the security researchers identified a stack-based buffer overflow bug that could lead to remote code execution (CVE-2022-2471). In addition, they found an insecure direct object reference vulnerability at several API endpoints that could allow a cyberattacker to take control of the camera, and a third remote bug that lets an attacker steal the encryption key for the video, the researchers added.

Finally, a local vulnerability, tracked under CVE-2022-2472, lets an attacker take over the device in earnest.

“When daisy-chained, the found vulnerabilities permit an attacker to remotely control the camera, obtain pictures and decrypt them,” the IoT cybersecurity research team added. “Use of these vulnerabilities can bypass authentication and probably execute code remotely, further compromising the integrity of the affected cameras.”

EZVIZ began issuing security updates in June for the cameras affected by the IoT bug, Bitdefender disclosed.
