Headline
Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks
Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.
At least five models of EZVIZ Internet of Things (IoT) cameras are vulnerable to a handful of vulnerabilities that could lead to threat actors accessing, decrypting, and downloading the video from the devices.
EZVIZ is a smart home security brand of cloud-connected hardware used across the globe, offering dozens of IoT security camera models.
As part of their ongoing research into IoT hardware security, analysts at Bitdefender identified vulnerabilities in at least five EZVIZ camera models, although the team added there could be other affected products as well:
- CS-CV248 [20XXXXX72] - V5.2.1 build 180403
- CS-C6N-A0-1C2WFR [E1XXXXX79] - V5.3.0 build 201719
- CS-DB1C-A0-1E2W2FR [F1XXXXX52] - V5.3.0 build 211208
- CS-C6N-B0-1G2WF [G0XXXXX66] - v5.3.0 build 210731
- CS-C3W-A0-3H4WFRL [F4XXXXX93] - V5.3.5 build 22012
First, the security researchers identified a stack-based buffer overflow bug that could lead to remote code execution (CVE-2022-2471). In addition, they found an insecure direct object reference vulnerability at several API endpoints that could allow a cyberattacker to take control of the camera, and a third remote bug that lets an attacker steal the encryption key for the video, the researchers added.
Finally, a local vulnerability, tracked under CVE-2022-2472, lets an attacker take over the device in earnest.
“When daisy-chained, the discovered vulnerabilities allow an attacker to remotely control the camera, download images and decrypt them,” the IoT cybersecurity research team added. “Use of these vulnerabilities can bypass authentication and potentially execute code remotely, further compromising the integrity of the affected cameras.”
EZVIZ started issuing security updates for the cameras affected by the IoT bug starting in June, Bitdefender disclosed.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe
Related news
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.