Seven major security gaps have been detected in almost 400 Axis network cameras that hackers could manipulate to coordinate remote attacks and completely take over smart devices via LAN or internet, researchers from VDOO have found.
Each vulnerability is critical, and when all are exploited at the same time they allow hackers to execute shell commands from a remote location, compromise hundreds of connected cameras, spy on users, leak information, crash operations, add the device to a botnet, or manipulate the camera to launch attacks such as DDoS and bitcoin mining.
The manufacturer was immediately informed about the CVE flaws. As of April 13th 2018, Axis Communications started releasing updates to patch the devices that may be susceptible to exploits.
“External researchers have discovered a number of vulnerabilities in Axis products,” the manufacturer said in a statement. “An adversary with network access to an affected Axis product can, by combining these vulnerabilities, compromise the product. There are no indications that the exploit is known to anyone except the researchers and Axis.”
The vulnerabilities’ IDs in Mitre are: CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663 and CVE-2018-10664.
The complete list of compromised devices is available here.
Axis IP camera owners must immediately patch the firmware on their devices to fend off risk.
The vulnerabilities were detected as VDOO researchers investigated security flaws in IoT cameras to inform manufacturers so they can update them to prevent attacks. The researchers say they found no evidence that the vulnerabilities have been exploited so far.
tags
After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats.
View all postsNovember 14, 2024
September 06, 2024