From open Guest Wi-Fi to pwning a lift

…or why validating network segregation is critical TL;DR A recent engagement took quite an unexpected turn and led to me having remote control of a bunch of building services including a lift from the street outside, unauthenticated. A single firewall rule bypassed some well configured VLANs and...

COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure

Summary COMMAX offers a wide range of proven AHD CCTV systems to meet customer needs and convenience in single or multi-family homes. Description The web control panel uses weak set of default administrative credentials that can be easily guessed in remote password attacks and disclose RTSP strea...

ADH-Web Server IP-Cameras - Multiple Vulnerabilities

ADH-Web Server IP-Cameras - Multiple Vulnerabilities 1. Adivisory Information Title: ADH-Web Server IP-Cameras Improper Access Restrictions EDB-ID: 38245 Advisory ID: OLSA-2015-0919 Advisory URL: http://www.orwelllabs.com/2015/10/adh-web-server-ip-cameras-improper.html Date published: 2015-09-19...

ADH-Web Server IP-Cameras - Multiple Vulnerabilities

Adivisory Information Title: ADH-Web Server IP-Cameras Improper Access Restrictions EDB-ID: 38245 Advisory ID: OLSA-2015-0919 Advisory URL: http://www.orwelllabs.com/2015/10/adh-web-server-ip-cameras-improper.html Date published: 2015-09-19 Date of last update: 2016-02-15 Vendors contacted:...