Smart Surveillance: Identifying IoT Device Behaviours Using ML-Powered Traffic Analysis

The proliferation of Internet of Things IoT devices has grown exponentially in recent years, introducing significant security challenges. Accurate identification of the types of IoT devices and their associated actions through network traffic analysis is essential to mitigate potential threats. B...

National Surveillance Camera Rollout Roils Privacy Activists

While controversy over the potential overreach of neighborhood and law-enforcement video surveillance has focused mainly on Ring, an Atlanta-based startup has quietly rolled out its own network of smart surveillance cameras across the country that is again raising questions of privacy and the ire...

CVE-2019-3423

permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources...

Code injection

The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring...

CVE-2018-18602

The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring...

CVE-2018-18602

The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring...

CVE-2018-18602

The CVE-2018-18602 issue pertains to Guardzilla smart cameras where the Cloud API allows user enumeration, enabling arbitrary camera access and monitoring. Affected software appears to be the Guardzilla Cloud API and associated Guardzilla cameras. The root cause described across sources is user e...

CVE-2018-18602

The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring...

PT-2018-14539 · Guardzilla · Guardzilla

Name of the Vulnerable Software and Affected Versions: Guardzilla smart cameras affected versions not specified Description: The issue allows user enumeration, which can result in arbitrary camera access and monitoring. Recommendations: At the moment, there is no information about a newer version...

CVE-2018-16946

LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report aka Log & Report files and download backup files via download.php without authenticating. These backup files contain user credentials and configuration informatio...

Command injection

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...

Samsung SmartThings Hub video-core Camera Update Code Execution Vulnerabilities(CVE-2018-3903 - CVE-2018-3904)

Summary Multiple exploitable buffer overflow vulnerabilities exist in the camera "update" feature of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

Samsung SmartThings Hub video-core credentials Code Execution Vulnerability(CVE-2018-3873 - CVE-2018-3878)

Summary Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can...

Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities(CVE-2018-3907 - CVE-2018-3909)

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability(CVE-2018-3856)

Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...

Samsung SmartThings Hub video-core Database shard.videoHostURL Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on th...

Samsung SmartThings Hub video-core Camera Update Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the camera “update” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

Samsung SmartThings Hub video-core Camera Creation Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the camera “create” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the “state” field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

Samsung SmartThings Hub video-core Camera URL Replace Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the camera “replace” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability

Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...