![]() ![]() ![]() To add insult to injury the attacker also has access to the Web camera and who knows how embarrassing that could be. Depending on where the attacker is physically located, access may be possible via the Internet or Wi-Fi. If the attacker is successful in retrieving the configuration information, owning the network just became a whole lot easier. The information that’s sent back amounts to login credentials, wireless network connection information, including encryption keys and SSID, and normal system management information. This vulnerability allows an attacker to craft a packet and send it to the Web camera, and the Web camera will return sensitive system information to the attacker. Most Linksys devices use port 916 UDP for remote management commands. ![]() The following image of the Linksys WVC54GC is courtesy of Linksys: “The Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a denial-of-service to the video camera.” This vulnerability will disclose sensitive system information in plain text to an attacker.Īs I was checking out my weekly e-mail from US-Cert, I came across Vulnerability Note VU#528993, which states: Linksys WVC54GC: Exploit discloses system configurationĪ Linksys Web camera is vulnerable to SetSource() boundary error. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |