1 min read

Vulnerabilities in Foscam IP Cameras Enable Root and Remote Control

Liviu ARSENE

June 08, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Vulnerabilities in Foscam IP Cameras Enable Root and Remote Control

A series of recently found vulnerabilities could have let cybercriminals remotely compromise and control Foscam IoT security cameras. Chaining three exploits, hackers would have had the ability to completely take remote control of the IoT devices, by deleting critical files stored on the device, crashing and critical services, and even triggering a shell command injection vulnerability to elevate privileges.

The three vulnerabilities, CVE-2018-6830, CVE-2018-6832, and CVE-2018-6831, were reported by Vdoo security researchers who also compiled a list of 55 vulnerable devices and their affected firmware build. The single perquisite for compromising the affected IoT security cameras is for the attacker to know the camera’s IP address, then simply chain the vulnerabilities together.

While researchers found no indication the vulnerabilities were used in the wild, they did notify Foscam and praised the company’s immediate response and patch deployment. However, because the vendor also delivers the firmware as part of a white-label offering, researchers estimate that the number of potentially affected IP security cameras could be significantly higher.

Making it difficult to estimate the total number of affected devices, both security researchers and the manufacturer advise everyone to check if their camera is running an outdated firmware version and updated it to the latest build.

“To ensure your safety, we have recently reviewed and updated all of our cameras’ firmware to fully protect against any future security threats,” reads the Foscam firmware update notification. “The risks these updates are correcting were negligible in nature, however it is imperative to our commitment to security to be proactive and mitigate all potential vulnerabilities.”

Everyone is strongly encouraged to update their IoT security cameras to their latest firmware build, as well as check for security updates for other household IoT devices.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant
Filip TRUȚĂ

December 03, 2021

2 min read
WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out
Silviu STAHIE

December 03, 2021

1 min read
Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack
Graham CLULEY

December 03, 2021

2 min read