Cam free backdoor
Hikvision, a Chinese manufacturer of video surveillance equipment, recently patched a backdoor in a slew of its cameras that could have made it possible for a remote attacker to gain full admin access to affected devices.
Hikvision guarantees hereby that it never has, does or would intentionally contribute to the placement of ‘backdoors’ in its products,” a member of Hikvision’s Security Response Center told Threatpost late Monday.It’s unclear how long since the audit the vulnerabilities identified in March have existed in Hikvision cameras.The Hikvision advisory comes a day after US-CERT warned of a similar set of vulnerabilities in IP cameras and digital video recorders manufactured by another Chinese company, Dahua.In the notice, Hikvision warned that request code could be used to access certain IP cameras directly.From there, it could be possible for an attacker to escalate user privileges, and “acquire or tamper with device information.” The company provided firmware updates for seven lines of cameras at the time, the same updates US-CERT pointed out on Friday: An independent researcher who goes by the handle “Montecrypto” first disclosed the backdoor in a post to the forum IPCam Talk in early March saying it “makes it possible to gain full admin access to the device.” At the time, he gave the company two weeks to “come forward, acknowledge, and explain why the backdoor is there and when it is going to be removed.” Montecrypto confirmed the privilege escalation aspect of the vulnerability the same day the company warned of the issue, acknowledging an attacker could remotely escalate their privileges “from anonymous web surfer to admin.” The researcher promised to disclose details around his findings on March 20, two weeks after he initially disclosed, but retreaded on that decision after making contact with the company.
Search for Cam free backdoor:
“Per agreement with Hikvision I am delaying the disclosure,” Montecrypto wrote, “Hikvision promised to responsibly disclose and resolve the vulnerability.