Reply to post: Re: Attack Vector

Not so private eye: Got an Axis network cam? You'll need to patch it, unless you like hackers

GarethWright.com

Re: Attack Vector

I won't say where (though it's trivial to establish with a little Google foo), but a large number of Axis cams were installed in a new build and linked to the B.M.S.

The cameras were all added to CCTV module which was compiled with hard coded credentials...which of course were default. To make matters worse the the BMS company (Massive "professional" outfit) installed the cameras and BMS on the same VLAN as the standard traffic. Anyone on the WiFi or plugging into an ethernet port (oh btw they fitted active ones in the loos) can simply load up the Axis camera management tools and discover and access every camera on the network without needing any CVEs at all.

So yeah....plenty of places with Attack Vectors, some places are worse and have them on the internet

https://www.shodan.io/search?query=AXIS

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon