ATTENTION: Exploitable remotely/low skill level to exploit.
Equipment: IP Cameras
Vulnerabilities: Improper Authentication, SQL Injection, Cross-Site Request Forgery, Improper Access Control, Server-Side Request Forgery, Cross-site Scripting
Geutebrück reports that the vulnerabilities affect the following IP cameras:
- G-Cam/EFD-2250 (part n° 5.02024) firmware version 18.104.22.168, and
- Topline TopFD-2125 (part n° 5.02820) firmware version 3.15.1
Successful exploitation of these vulnerabilities could lead to proxy network scans, access to a database, adding an unauthorized user to the system, full configuration download including passwords, and remote code execution.
Geutebrück recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 22.214.171.124, by registering for a new WebClub account, or by logging into an existing account at the following location:
Topline users can visit the previous link for workaround advice and contact information regarding the vulnerabilities associated with the device.
Duncan is a technology professional with over 20 years' experience working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.