Reply to post: Attack Vector

Not so private eye: Got an Axis network cam? You'll need to patch it, unless you like hackers

Anonymous Coward
Anonymous Coward

Attack Vector

"To perform the attack, a hacker would first run an exploit for CVE-2018-10661, an authorization bypass that allows the attacker to access /bin/ssid, which runs as root, via unauthenticated HTTP requests."

Being a CCTV installer (Thankfully not one that uses Axis, although I believe their kit is far from the low-level stuff lika Dahua and whatnot) - I can't envisage one of our cameras' interfaces ever being exposed to the internet for someone to perform this attack. I'm *NOT* saying this means it's acceptable to have such a vulnerability, but the chances of a camera sitting on an open port-80 even without any known exploits is asking for serious trouble!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon