26 matches found
Hanwha Vision QND-8080R 输入验证错误漏洞
Hanwha Vision QND-8080R is a network infrared surveillance camera device produced by Hanwha Vision in South Korea. The Hanwha Vision QND-8080R has a vulnerability related to input validation errors. This vulnerability arises from improper handling of data in specific requests, which may lead to...
CVE-2025-69986
A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...
CVE-2020-36873 Astak CM-818T3 Unauthenticated Configuration Disclosure
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...
D-Link DCS-932L setSystemAdmin File Command Injection Vulnerability
The D-Link DCS-932L is a network surveillance camera from China AUO D-Link. It is used for security and surveillance. The D-Link DCS-932L suffers from a command injection vulnerability that stems from the parameter AdminID in the file /setSystemAdmin failing to correctly filter constructed comman...
D-Link DCS-932L Denial of Service Vulnerability
The D-Link DCS-932L is a network surveillance camera from China AUO D-Link. It is used for security and surveillance. A denial of service vulnerability exists in the D-Link DCS-932L REVBFIRMWARE2.18.01 version that originates from a null pointer dereference. An attacker could exploit this...
The vulnerability of the eSmartCam surveillance application for wireless cameras of the ElinkSmart SKY30W series lies in the use of a rigidly encrypted cryptographic key called AES. This vulnerability allows a intruder to gain unauthorized access to protected information and carry out a “man-in-the-middle” attack.
The vulnerability of the eSmartCam surveillance application for wireless cameras of the ElinkSmart SKY30W series lies in the use of a rigidly encrypted cryptographic key called AES. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected...
Power LED Side-Channel Attack
This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader--or of an attached peripheral device--during cryptographic operations. This technique allowed the researchers to pull a...
The vulnerability of the D-Link 825L surveillance camera lies in its use of a weak encryption mechanism, which allows attackers to carry out a “man-in-the-middle” attack.
The vulnerability of the D-Link 825L surveillance camera lies in the use of a weak encryption mechanism. Exploiting this vulnerability could allow an attacker to carry out a Man-in-the-Middle attack...
Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs
A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards NICs. The approach, codenamed ETHERLED, comes from Dr...
CVE-2019-25062
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be us...
D-Link DCS-5000L and DCS-932L Elevation of Privilege Vulnerability
D-link Dcs-5000L is an Ip network surveillance camera. d-link Dcs-932L is a network surveillance camera. d-link DCS-5000L and DCS-932L elevation of privilege vulnerability, an attack to can be exploited to compromise the camera configuration and allow a malicious user on the LAN to access the...
PLANEX CS-QP50F-ING2 Remote Configuration Disclosure
!/usr/bin/perl PLANEX CS-QP50F-ING2 Security Surveillance Smart Camera Remote Configuration Disclosure - Mass Exploiter Copyright 2021 c Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer...
A week in security (April 22 – 28)
Last week on Labs, we looked at security threats to headphones, privacy options in the world of law, and wandered through the FBI’s 2018 IC3 online crime report. We also explored another MageCart attack, and we released our 2019 Q1 Crime Tactics and Techniques report. Other cybersecurity news...
TP-Link Megapixel Surveillance Camera Default Credentials (HTTP)
The remote installation of TP-Link Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either...
TP-Link Megapixel Surveillance Camera Detection
Detection of Megapixel Surveillance Camera. The script sends a connection request to the server and attempts to detect the web interface for TP-Link Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...
UPDATE: Cameradar v3.0.1
PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post...
TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure
TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure Vulnerability Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.com Affected version: 1.6.18P12121101 Summary: The TL-SC3130G surveillance camera is a versatile solution for your home and office monitoring,...
TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure Vulnerability
Summary The TL-SC3130G surveillance camera is a versatile solution for your home and office monitoring, whose 54Mbps wireless connectivity enables you to deploy the camera where inaccessible previously by Ethernet connection such as ceiling and walls. This camera can be placed in your living room...
Man Sues Feds For Installing Surveillance Camera on his Property
By Carolina A 74-year old rancher in Texas discovered a small portal This is a post from HackRead.com Read the original post: Man Sues Feds For Installing Surveillance Camera on his Property...
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Password Parameter Configuration Command Injection Vulnerability(CVE-2017-2843)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...