The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Millions of IoT devices are vulnerable to widespread bug

2017-07-20 16:42 by
Tags: ,

 

A flaw in a widely-used code library known as gSOAP has exposed millions of IoT devices, such as security cameras, to a remote attack.

The vulnerability, dubbed Devil's Ivy aka CVE-2017-9765, was identified by researchers at Senrio, who singled out high-end security cameras manufactured by Axis Communications. Senrio said 249 models of 251 Axis cameras are vulnerable to unauthenticated remote attackers who can intercept a video feed, reboot cameras, or pause a video feed while conducting a crime.

The vulnerability can be exploited by overflowing a stack buffer by sending the camera's HTTP port 80 service a specially crafted POST command. From there, it's possible to gain control of the embedded system using some injected shellcode.

Axis Communications confirmed that those surveillance camera models were affected by the flaw. It released a firmware update on July 10 to address the issue.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About