![]() ![]() The final security flaw discovered by Bitdefender (tracked as CVE-2022-2472) was an improper initialization vulnerability that could be used by an attacker to recover the admin password of a device and completely take it over. The endpoint returned a camera’s password in plaintext which allowed the researchers to decrypt and access the images. Likewise, after downloading images from an affected camera, Bitdefender’s researchers found that although the images were encrypted, they could recover the encryption key for these images using an API endpoint. Bitdefender’s researchers found that they could overload a camera’s local stack buffer to achieve remote code execution in its motion detection routine.Īn Insecure Direct Object Reference vulnerability was also found in multiple API endpoints that could be exploited by an attacker to download images and issue commands to an EZVIZ security camera as if they were its owner. As EZVIZ’s cameras are accessible from anywhere, user-device communication is relayed through servers in the cloud using a number of commands. The first vulnerability (tracked as CVE-2022-2471) was found in the configMotionDetectArea API endpoint. ![]() The security firm’s researchers uncovered several vulnerabilities in EZVIZ smart security cameras and their API endpoints that an attacker could leverage to carry out a variety of malicious actions including remote code execution and access to a camera’s video feed. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |