0-Day Bug Allows Hackers to Access CCTV Cameras

Between 180,000 and 800,000 IP-based CCTV cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware.

According to a Tenable Research advisory issued Monday, the bugs are rated critical and tied to firmware probably used in one of a hundred different cameras that run the affected software. NUUO lists over a hundred different partners, including Sony, Cisco Systems, D-Link and Panasonic.

The vulnerabilities (CVE-2018-1149, CVE-2018-1150), dubbed Peekaboo by Tenable, are tied to NUUO's NVRMini2 web server software.

“Once exploited, Peekaboo would give cybercriminals access to the control management system, exposing the credentials for all connected video surveillance cameras,” researchers said.

The first vulnerability (CVE-2018-1149) is the zero-day. An attacker can sniff out affected gear using a tool such as Shodan. Next, the attacker can trigger a buffer-overflow attack that allows them to access the camera’s web server Common Gateway Interface (CGI), which acts as the gateway between a remote user and the web server.

According to researchers, the attack involves delivering a cookie file too large for the CGI to handle. The CGI then doesn’t validate the user’s input properly, allowing the attacker to access the web server portion of the camera. “[A] malicious attackers can trigger stack overflow in session management routines in order to execute arbitrary code,” Tenable wrote.
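
The defensive counterpart to the oversized-cookie overflow described above is to measure and validate the session value before anything is copied into a fixed-size stack buffer. The C sketch below is an added example, not NUUO's code or Tenable's; the cookie name `PHPSESSID`, the 64-character limit and the function name `get_session_id` are assumptions made for illustration.

```c
/* Added example: bounded session-cookie parsing in a CGI program (names are hypothetical). */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SESSION_COOKIE "PHPSESSID"   /* assumed cookie name */
#define SID_MAX 64                   /* assumed longest valid session ID */

/* Copies the session ID from a Cookie header value into out (out_len bytes).
 * Returns 0 on success, -1 if absent, empty, too long, or not [A-Za-z0-9]. */
int get_session_id(const char *cookie_hdr, char *out, size_t out_len)
{
    const size_t name_len = strlen(SESSION_COOKIE);
    const char *p = cookie_hdr;
    if (!cookie_hdr || !out || out_len == 0)
        return -1;
    out[0] = '\0';
    while (*p) {
        while (*p == ' ' || *p == ';')        /* skip pair separators */
            p++;
        if (strncmp(p, SESSION_COOKIE, name_len) == 0 && p[name_len] == '=') {
            const char *val = p + name_len + 1;
            size_t n = strcspn(val, ";");     /* measure the value before copying */
            if (n == 0 || n > SID_MAX || n >= out_len)
                return -1;                    /* reject; never truncate or overflow */
            for (size_t i = 0; i < n; i++)
                if (!isalnum((unsigned char)val[i]))
                    return -1;
            memcpy(out, val, n);
            out[n] = '\0';
            return 0;
        }
        p += strcspn(p, ";");                 /* move on to the next pair */
    }
    return -1;
}

int main(void)
{
    char sid[SID_MAX + 1];
    const char *hdr = getenv("HTTP_COOKIE");  /* CGI passes the Cookie header here */
    if (!hdr || get_session_id(hdr, sid, sizeof sid) != 0) {
        puts("Status: 400 Bad Request\r\n\r");
        return 1;
    }
    printf("Status: 200 OK\r\n\r\nsession %s\r\n", sid);
    return 0;
}
```

A request whose session cookie exceeds the limit is rejected with a 400 instead of being copied, so the length of attacker-supplied input never decides how many bytes land on the stack.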

The second bug (CVE-2018-1150) takes advantage of a backdoor functionality in the NUUO NVRMini2 web server.

“[The] backdoor PHP code (when enabled) allows an unauthenticated attacker to change a password for any registered user except administrator of the system,” researchers said.

NUUO’s fix is included in version 3.9.1 or later.
