Vulnerability Note VU#265532: www.kb.cert.org/vuls/id/265532
Overview
The web interface firmware for Foscam and Wansview H.264 Hi3510/11/12 IP cameras contains an authentication bypass vulnerability. Other vendors that share the same base firmware image are also vulnerable.
Description
It has been reported that the web interface for IP cameras from several vendors including Foscam and Wansview contains an authentication bypass vulnerability. By visiting specific URLs, an attacker may be able to perform any function a normal user can. The admin password is also leaked through client-side JavaScript.
Impact
A remote unauthenticated attacker may be able to execute any command available to the web interface including full administrative functions.
Solution
We are currently unaware of a practical solution to this problem. Please consider the following workaround.
---------------------------------------------------------------------------------- -----------------
I have created a test tool to help determine if your H.264 camera brand and model are currently exposed to this, since there are many brands and models that are.
foscam.us/forum/h264-ip-camera-w···252.html
Note: I reported this issue.
This is why I took the time to create a tool to test for it being present. There may be firmware released to fix this problem, if your camera is found to have it. New firmware is required to fix this issue.
Don