"Critical IoT Camera Flaw Allows for Device Hijacking"

Security researchers at Nazomi Networks have discovered another critical bug in IoT security camera systems that could allow attackers to hijack devices.  The researchers found a remote code execution vulnerability CVE-2021-32941 in the web service of the Annke N48PBB network video recorder (NVR), which consumers and businesses use.  The researchers stated that NVRs are an essential part of any connected security camera system in that they are designed to capture, store and manage incoming video feeds from IP cameras.  According to an advisory from the Cybersecurity and Infrastructure Security Agency (CISA), if this flaw is exploited, it could cause a stack-based buffer overflow, allowing an unauthenticated, remote attacker to access sensitive information and execute code.  The security researchers at Nozomi Networks said that adversaries could snoop on or delete footage, change the configuration of motion detector alarms, or halt recording altogether.  The researchers also stated that a cyberattack exploiting CVE-2021-32941 could be used to support physical robberies of premises protected by Annke devices.  The security researchers notified Annke about the vulnerability, and fortunately, Annke acted quickly to fix the issue, releasing new firmware to patch the problem just 11 days after Nozomi’s responsible disclosure.

Infosecurity reports: "Critical IoT Camera Flaw Allows for Device Hijacking"