Critical vulnerability in 60 + models of CCTV and IP-cameras

A group of students from the European University of Madrid published the results of their thesis at the Faculty of Information Technology. They explored the protection of the various surveillance systems found on the Internet through Google and Shodan.

In total, they analyzed 9 systems, they found 14 vulnerabilities, from simple XSS and CSRF to very dangerous, such as the escalation of privileges and bypass authentication.


The authors emphasize that exploits checked only through the Internet on someone else’s hardware, so they did not buy the equipment and have not checked the code directly on it. The list below shows only the models that had exploits checked via the Internet. It is possible that other models are vulnerable as well.

For all the vulnerabilities the respective manufacturers have recently released patches. In some cases, the patches came out just a couple of days ago, so the exploits are still effective on most devices.

Affected models

  • Airlive WL2600CAM, POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD.
  • All cameras using the AXIS Media Control (AMC).
  • Brickcom FB-100ap, WCB-100ap, MD-100ap, WFB-100ap, OB-100Ae, OSD-040E.
  • Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W / P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500.
  • Samsung SHR-5XXX, SHR-516X, SHR-508x, SHR-5042, SHR-4160, SHR-4081, SHR-2XXX, SHR-216X, SHR-208X, SHR-204X.
  • Sony SNC CH140, CH180 SNC, SNC CH240, CH280 SNC, SNC DH140, SNC DH140T, SNC DH180, DH240 SNC, SNC DH240T, SNC DH280.
  • TP-LINK TL-SC3171.

The study authors Eliezer Lopez (Eliezer Varadé Lopez), Javier Sanchez (Javier Repiso Sánchez) and Jonas Castillo (Jonás Ropero Castillo) June 12, 2013 published a complete description of vulnerabilities and exploit code in the mailing list of Full Disclosure.

Tagged , , , ,