GeoVision EOL Operating System Command Injection Vulnerability
GeoVision EOL is a series of surveillance devices from the Chinese company GeoVision. GeoVision EOL devices contain an operating system command injection vulnerability that allows an unauthenticated, remote attacker to inject and execute arbitrary system commands on the device...
Bullwark Momentum Series Path Traversal Vulnerability
The Bullwark Momentum Series is a series of surveillance devices. A path traversal vulnerability exists in previous versions of the Bullwark Momentum Series BLW-2016E-960H, which stems from vulnerability to path traversal attacks...
A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation in Cisco Video Surveillance devices of the 7000 series allows an intruder to induce slow memory leaks, restart the device, or cause a service failure.
The vulnerability in the Link Layer Discovery Protocol (LLDP) implementation in Cisco Video Surveillance devices of the 7000 series relates to a memory leak. Exploiting this vulnerability can allow an attacker to cause a slow memory leak, a device reboot, or a service failure...
Unauthorized Access Vulnerability in Jiuan Video Surveillance Devices
Guangzhou Jiuan Intelligent Technology Company Limited (JUAN) is a leading global provider of mobile mapping infrastructure and IoT platform. An unauthorized access vulnerability exists in JUAN's video surveillance devices, which can be exploited by attackers to obtain sensitive information from...
Airbnb Superhost Secretly Recorded Guests with Hidden Bedroom Camera
An Airbnb “superhost” in China has been arrested after a guest staying in his house found a hidden camera recording her in the bedroom. The guest, an unnamed woman who was staying in the Airbnb in eastern China last week, said she discovered the camera after spotting a light that looked unusual i...
Axis IP Camera authentication bypass and command injection
Added: 08/13/2018. Background: Axis IP Cameras are a line of networked surveillance devices. Problem: A remote attacker could execute arbitrary commands by exploiting an authentication bypass vulnerability in the .srv functionality and a command injection vulnerability in the parhand component...
Foscam IP Video Camera devMng Multi-Camera Port 10000 Command 0x0000 Information Disclosure Vulnerability (CVE-2017-2874)
Summary An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. Tested...
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Command Injection Vulnerability (CVE-2017-2845)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tes...
Foscam IP Video Camera CGIProxy.fcgi DNS2 Address Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...
Foscam IP Video Camera CGIProxy.fcgi Account Creation Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting...
Cross-Site Request Forgery (CSRF) Vulnerability in AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. A cross-site request forgery (CSRF) vulnerability exists in AVTECH devices. An attacker who successfully exploits the...
Zhejiang Dahua Surveillance Device RTSP Buffer Overflow Vulnerability
Zhejiang Dahua Technology Co., Ltd. is a surveillance product supplier and solution service provider. An RTSP buffer overflow vulnerability exists in Zhejiang Dahua surveillance devices. The vulnerability allows an attacker to construct a special message, resulting in a buffer overflow, denial of...
New Rules Require FBI to Get Warrant for Spying With ‘Stingrays’ Cell Phone Trackers
Remember StingRays? The controversial cell phone spying tool, known as "Stingrays" or "IMSI catchers," has been used by authorities to track criminal suspects, most of the time without obtaining court orders. But now, the Federal law agencies will have to be more transparent about their use of...