![]() Sensitive information stored in plain text includes: Several Vivotek cameras store Wireless keys and 3rd party credentials in clear text allowing a remote attacker to obtain sensitive information which might be valuable to perform further attacks. Technical Description / Proof of Concept Code 8.1. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team.Ĩ. and were discovered and researched by Francisco Falcon and Nahuel Riva from Core Exploit Writers Team. The PoC of was made by Martin Rocha with help of Juan Cotta from Core QA Team. and were discovered and researched by Martin Rocha from Core Impact Pro Team. was originally discovered and reported by Alejandro Leon Morales and re-discovered on new firmware versions by Flavio De Cristofaro from Core Security. Filter strings in the parameter system.ntp on every request made to the binary farseer.out.Have at least one proxy filtering /././ and getparam.cgi in HTTP requests.Filter RTSP traffic (default port 554) if possible.Do not expose the camera to internet unless absolutely necessary. ![]() There was no official answer from Vivotek after several attempts to report these vulnerabilities (see ). Vendor Information, Solutions and Workarounds ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |