"EZVIZ Video Cameras Can Be Accessed Remotely"

Bitdefender researchers discovered a series of vulnerabilities that could be exploited to remotely control EZVIZ networked cameras without authentication to download and decrypt images. The researchers were able to take control the EZVIZ cameras using a four-bug attack chain that exploited a stack buffer overflow and vulnerable Application Programming Interface (API) endpoints. The attack chain as a whole would result in full camera takeover with video feed access. Bitdefender also recovered the administrator password and captured the encryption key for images. The flaws were discovered in camera firmware version 5.3.0 build 201719, but Bitdefender stated that earlier versions might also be vulnerable. This article continues to discuss the discovery of vulnerabilities that could enable the remote takeover of EZVIZ cameras.

iTnews reports "EZVIZ Video Cameras Can Be Accessed Remotely"