Small ants Camera application management program the presence of a remote command execution vulnerability through the web interface with root privileges to execute arbitrary system commands without any web permissions, now the official latest version already fix this vulnerability.
firmware version<=1.8.3. 4F_201410221315 Note:We do not find all the firmware versions, this version is our device factory version, but also we can find the presence of the vulnerability in the latest version
The exploit: the
Through the web application vulnerability configuration parameters, perform system commands.
See the system command in the current execution privilege, the execution result for the highest system privileges.
Vulnerability to harm:
The attacker can the exploit without the user name, password and other authentication methods, remote control of small ants camera, browsing video information. If you click on the hackers construct a malicious link address, hackers can also steal wifi password. This serious harm to a home's privacy and public safety. While you can use a small ant camera to the router related to the operation, the attacks within the home network with other smart devices.
Into the small ants Camera application management program, in connected to the Internet, click Automatic upgrade. Wait after the upgrade is complete confirmation for the current latest version can be.