Axis IP Camera authentication bypass and command injection

2018-08-13T00:00:00
ID SAINT:78C26EF38E9E37C995615F9F668B204A
Type saint
Reporter SAINT Corporation
Modified 2018-08-13T00:00:00

Description

Added: 08/13/2018

Background

Axis IP Cameras are a line of networked surveillance devices.

Problem

A remote attacker could execute arbitrary commands by exploiting an authentication bypass vulnerability in the **.srv** functionality and a command injection vulnerability in the parhand component.

Resolution

Upgrade the firmware as instructed in ACV-128401.

References

<https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/>
<https://www.axis.com/files/faq/Advisory_ACV-128401.pdf>

Platforms

Linux