Hanwha Vision QND-8080R 输入验证错误漏洞

Hanwha Vision QND-8080R is a network infrared surveillance camera device produced by Hanwha Vision in South Korea. The Hanwha Vision QND-8080R has a vulnerability related to input validation errors. This vulnerability arises from improper handling of data in specific requests, which may lead to...

The vulnerability of the eSmartCam surveillance application for wireless cameras of the ElinkSmart SKY30W series lies in the use of a rigidly encrypted cryptographic key called AES. This vulnerability allows a intruder to gain unauthorized access to protected information and carry out a “man-in-the-middle” attack.

The vulnerability of the eSmartCam surveillance application for wireless cameras of the ElinkSmart SKY30W series lies in the use of a rigidly encrypted cryptographic key called AES. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected...

Power LED Side-Channel Attack

This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader­--or of an attached peripheral device--­during cryptographic operations. This technique allowed the researchers to pull a...

The vulnerability of the D-Link 825L surveillance camera lies in its use of a weak encryption mechanism, which allows attackers to carry out a “man-in-the-middle” attack.

The vulnerability of the D-Link 825L surveillance camera lies in the use of a weak encryption mechanism. Exploiting this vulnerability could allow an attacker to carry out a Man-in-the-Middle attack...

Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs

A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards NICs. The approach, codenamed ETHERLED, comes from Dr...

D-Link DCS-5000L and DCS-932L Elevation of Privilege Vulnerability

D-link Dcs-5000L is an Ip network surveillance camera. d-link Dcs-932L is a network surveillance camera. d-link DCS-5000L and DCS-932L elevation of privilege vulnerability, an attack to can be exploited to compromise the camera configuration and allow a malicious user on the LAN to access the...

TP-Link Megapixel Surveillance Camera Default Credentials (HTTP)

The remote installation of TP-Link Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either...

TP-Link Megapixel Surveillance Camera Detection

Detection of Megapixel Surveillance Camera. The script sends a connection request to the server and attempts to detect the web interface for TP-Link Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

UPDATE: Cameradar v3.0.1

PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post...

TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure

TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure Vulnerability Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.com Affected version: 1.6.18P12121101 Summary: The TL-SC3130G surveillance camera is a versatile solution for your home and office monitoring,...

Foscam IP Video Camera CGIProxy.fcgi SMTP Test Password Parameter Configuration Command Injection Vulnerability(CVE-2017-2843)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...

Samsung smart surveillance camera is explosion proof remote code execution vulnerability with POC-the exploit-warning-the black bar safety net

Vulnerability overview EDB-ID:4 0 2 3 5 Vulnerability found by: PentestPartners CVE: no Release Date: 2 0 1 6 years 0 8 month 1 4 day Vulnerability type: remote vulnerability Affected platforms: the system hardware Affected App: no Exploit POC: click to download Foreword Currently, the vast...

Bosch Security Systems Dinion NBN-498 XML Injection

Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet: http://resource.boschsecurity.us/documents/DatasheetenUS9007201286798987.pdf Version: Hardware Firmware 4.54.0026 -...

AirLive 系列 IP 摄像头命令注入漏洞

大量AirLive IP监控摄像机被曝存在命令注入漏洞，攻击者可利用该漏洞窃取用户登录凭证并控制设备。漏洞原理及影响范围OvisLink公司制造的大量AirLive IP监控摄像机中都存在着命令注入漏洞，通过该漏洞，网络攻击者可以解码用户登录凭证，并可以完全控制监控设备。根据Core安全公司的专家们的消息，至少5种不同型号的AirLive监控摄像机都受此漏洞的影响。这5种型号的监控摄像机分别如下：1、AirLive BU-2015，固件版本1.03.18 16.06.20142、AirLive BU-3026，固件版本1.43 21.08.20143、AirLive...