Tens of thousands of cameras remain exposed to a critical vulnerability that has been left unpatched for 11 months. This vulnerability, discovered in April 2019, affects cameras from over 70 different vendors and puts thousands of organizations at risk of being hacked.
The vulnerability, tracked as CVE-2018-10562, lies in the use of an insecure protocol for device authentication. By using a simple computer program, hackers can exploit this protocol and gain access to vulnerable cameras. Once this access is acquired, the hacker can access the live streaming video feed, manipulate the settings of the camera, or even make changes to the underlying firmware. From that foothold, the hacker could gain access to the entire network that the camera is connected to.
CVE-2018-10562 is one of the highest-severity vulnerabilities, yet many of the affected vendors have failed to patch it. This leaves the tens of thousands of cameras that use the protocol open to attack. Researchers have attempted to contact the affected vendors and encourage them to patch the vulnerability, but to no avail.
Organizations should take the initiative to protect themselves against this vulnerability by verifying that all of their cameras are using the latest version of the protocol. In addition, organizations should regularly monitor their networks for any suspicious activity that could be the result of a potential attack.
The potential consequences of this vulnerability are serious, as it could lead to catastrophic data breaches and other forms of cybercrime. It is important for organizations to take the necessary steps to protect themselves from this critical threat before it is too late.
Key Points:
• Tens of thousands of cameras are exposed to a critical vulnerability that is 11 months old
• The vulnerability allows hackers to gain access to the camera, its live streaming feed, and the entire network it is connected to
• Many of the affected vendors have failed to patch the vulnerability
• Organizations should take the initiative to protect themselves by verifying that all of their cameras are using the latest version of the protocol and regularly monitoring their networks for any suspicious activity
• The potential consequences of this vulnerability are serious and organizations should take the necessary steps to protect themselves before it is too late