Vulnerabilities Identified in EZVIZ Smart Cams

Bitdefender

September 15, 2022


As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities that might affect customers if left unaddressed. This research paper is part of a broader program that aims to shed light on the security of the world’s best-sellers in the IoT space. This report covers several camera models manufactured by EZVIZ. Full details are included in the research paper below:

Download the research paper

Vulnerabilities at a glance

  • [REMOTE] A stack-based buffer overflow vulnerability in the motion detection routine can lead to remote code execution - CVE-2022-2471
  • [REMOTE] An insecure direct object reference vulnerability in multiple API endpoints allows an attacker to fetch images and issue commands on behalf of the real owner of the camera
  • [REMOTE] A "storing passwords in a recoverable format" vulnerability in /api/device/query/encryptkey allows an attacker to recover the encryption key for images
  • [LOCAL] An improper initialization vulnerability lets an attacker recover the administrator password and completely own the device - CVE-2022-2472

Affected camera models

The vulnerabilities were found on firmware version V5.3.0 build 201719 (previous versions might also be vulnerable but were not tested). Affected device models are listed below. Please note that there may be other device models and integrations that we have not tested:

  • CS-CV248 [20XXXXX72] - V5.2.1 build 180403
  • CS-C6N-A0-1C2WFR [E1XXXXX79] - V5.3.0 build 201719
  • CS-DB1C-A0-1E2W2FR [F1XXXXX52] - V5.3.0 build 211208
  • CS-C6N-B0-1G2WF [G0XXXXX66] - v5.3.0 build 210731
  • CS-C3W-A0-3H4WFRL [F4XXXXX93] - V5.3.5 build 220120

Disclosure timeline

  • Apr 15, 2022: Bitdefender makes an initial contact attempt via multiple public communication channels
  • Apr 16, 2022: Acknowledgement received; vendor requests additional information through OneDrive
  • Apr 18, 2022: Bitdefender submits documentation and proof of concept
  • Apr 20, 2022: Report received and acknowledged by the vendor
  • May 05, 2022: Vendor informs that internal assessment is in progress
  • May 10, 2022: The vendor requests a 90-day extension for vulnerability fixing and patching
  • May 16, 2022: Vendor communicates the findings of internal assessment and confirms fix
  • Jun 20, 2022: Updates are still rolling out to vulnerable devices
  • Sep 15, 2022: This report becomes public as per the coordinated vulnerability disclosure guidelines

Impact

When daisy-chained, the discovered vulnerabilities allow an attacker to remotely control the camera, download images and decrypt them. Use of these vulnerabilities can bypass authentication and potentially execute code remotely, further compromising the integrity of the affected cameras.

Note: Bitdefender has been working closely with EZVIZ through all stages of vulnerability disclosure. We would like to extend our thanks for the prompt response time, communication, transparency and escalation.
