Which? Magazine recommends vulnerable smart home camera

You’ll already know that we have a keen interest in smart home camera security. Our recent work on Swann and FLIR cameras showed how it could be trivially easy to spy on people through their security cameras. Which? Magazine has a well-earned reputation for providing product reviews for consumers...

Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability(CVE-2018-3880)

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability(CVE-2018-3879)

Summary An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the...

Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability(CVE-2018-3911)

Summary An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controll...

Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core’s HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

Samsung SmartThings Hub video-core clips Code Execution Vulnerability

Summary Multiple exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

Samsung SmartThings Hub video-core Camera Update Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the camera “update” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability

Summary Multiple exploitable buffer overflow vulnerabilities exist in the samsungWifiScan handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability

Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...

Hanwha Techwin Smartcam web interface switching hidden function vulnerability

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. Hanwha Techwin Smartcam has a hidden feature that switches the web interface, which can be exploited by an attacker to manipulate the web interface...

Hanwha Techwin Smartcam Remote Code Execution Vulnerability

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. A remote code execution vulnerability exists in Hanwha Techwin Smartcam. An attacker can exploit this vulnerability to achieve remote code execution...

Hanwha Techwin Smartcam Denial of Service Vulnerability (CNVD-2018-05237)

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. A denial of service vulnerability exists in Hanwha Techwin Smartcam. An attacker can exploit this vulnerability to cause a denial of service by preventing new camera registrations on a cloud server...

Hanwha Techwin Smartcam Unencrypted Remote Control and Communication Vulnerability

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. Hanwha Techwin Smartcam has unencrypted remote control and communication methods. A detailed vulnerability description is not available at this time...

Hanwha Techwin Smartcam Insecure Firmware Update Method Vulnerability

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. Hanwha Techwin Smartcam is vulnerable to an insecure firmware update method vulnerability, for which a detailed vulnerability description is not currently available...

Hanwha Techwin Smartcam Arbitrary Access and Monitoring Vulnerability

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. Hanwha Techwin Smartcam suffers from an arbitrary access and monitoring vulnerability. An attacker can exploit the vulnerability to arbitrarily access and monitor the cameras via the cloud...

Hanwha Techwin Smartcam Remote Password Change Vulnerability

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. A remote password change vulnerability exists in Hanwha Techwin Smartcam. An attacker can exploit this vulnerability to remotely change a password...

Hanwha Techwin Smartcam Denial of Service Vulnerability

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. A denial of service vulnerability exists in Hanwha Techwin Smartcam. An attacker can exploit this vulnerability by uploading malformed firmware to cause a denial of service...

Hanwha Techwin Smartcam Buffer Overflow Vulnerability

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. Hanwha Techwin Smartcam suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...

Hanwha Techwin Smartcam Authentication Bypass Vulnerability

Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. An authentication bypass vulnerability exists in Hanwha Techwin Smartcam. An attacker can exploit the vulnerability to bypass authentication...

Security Camera Found Riddled With Bugs

CANCUN, Mexico – Tech firm Hanwha Techwin is racing to fix 13 critical security holes found in its popular line of SmartCam security cameras. The patch rollout is part of public disclosure of the vulnerabilities set for today by researchers who discovered the bugs. Flaws range from the use of an...