"Baby Monitor Vulnerable to Attack via Newly Found Bugs"
Researchers at Bitdefender have discovered security holes in the Victure IPC360 Camera use in a popular baby monitor model. The exploitation of these vulnerabilities could allow outside attackers to access the camera feed or disable the encryption of streams stored in the cloud. In addition, an attacker sharing a network with the camera could enable the ONVIF (Open Network Video Interface Forum) protocol and the Real-Time Streaming Protocol (RTSP) or exploit a stack-based buffer overflow to take complete control over a device. According to the researchers, the vulnerabilities discovered in the model include an AWS bucket missing access control, camera information disclosure, remote control of cameras, local stack-based buffer overflow leading to remote code execution, and hardcoded RTSP credentials. These vulnerabilities are estimated to be affecting more than 4 million devices worldwide. This article continues to discuss the vulnerabilities found in the Victure IPC360 Camera and Victure's response to the discovery made by Bitdefender.
Dark Reading reports "Baby Monitor Vulnerable to Attack via Newly Found Bugs"