Hanwha Vision IP Cameras Command Injection (CVE-2023-5747)

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has releas...

Authorization

An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitima...

150,000 Verkada security cameras hacked—to make a point

Hackers were able to gain access to camera feeds from Verkada, a tech company that specializes in video security and physical access control, to demonstrate how prevalent surveillance is, reports say. Unfortunately, it also exposed the inner workings of hospitals, clinics, and mental health...

Sony Network Camera Default Credentials (HTTP)

Sony network cameras use the default credentials admin:admin. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

Dahua Generation 2/3 - Backdoor Access

!/usr/bin/python2.7 if False: ''' 2017-05-03 Public rerelease of Dahua Backdoor PoC https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py 2017-03-20 With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1 million Dahua / OEM units, where...