- This topic has 1 voice and 0 replies.
Viewing 0 reply threads
Viewing 0 reply threads
- You must be logged in to reply to this topic.
› Forums › Security › News (Security) › Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras
Tagged: Security_S12
#News(Security) [ via IoTForIndiaGroup ]
According to a Tenable Research Advisory issued Monday, the bugs are rated critical and tied to firmware possibly used in one of 100 different cameras that run the affected software. NUUO, the Taipei, Taiwan-base company that makes the firmware, is expected to issue a patch for the bug Tuesday. The company lists over a 100 different partners including Sony, Cisco Systems, D-Link and Panasonic. It’s unclear how many OEM partners may use the vulnerable firmware.
The vulnerabilities (CVE-2018-1149, CVE-2018-1150), dubbed Peekaboo by Tenable, are tied to the software’s NUUO NVRMini2 webserver software.
“Once exploited, Peekaboo would give cybercriminals access to the control management system, exposing the credentials for all connected video surveillance cameras. Using root access on the NVRMini2 device, cybercriminals could disconnect the live feeds and tamper with security footage,” researchers said.
Last year, the Reaper Botnet, a variant of the Mirai botnet, also targeted NUUO NVR devices, according to Tenable. These most recent vulnerabilities similarly open cameras up to similar botnet attacks.