![]() ![]() Since it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application, it eases brute-force attacks, in which the attacker verifies if, given a valid username, it is possible to find the corresponding password. Attackers can remotely enumerate the usernames of IP camera accounts, facilitating brute-force attacks.The detected vulnerabilities have the following impact: CVE-2020-11623: Exposed dangerous method or function.CVE-2020-11624: Weak password requirements.The following are the three vulnerabilities we found: They also allow users to store the recordings in the cloud, in a network video recorder (NVR) and also create backups in an SD memory card. These products are surveillance cameras intended to be used outdoors with infrared and object detection technology built-in. Three vulnerabilities were found in AvertX IP cameras with model number HD838 and 438IR, as confirmed by AvertX. On February 24, 2020, Palo Alto Networks Unit 42 researchers found vulnerabilities present in AvertX IP cameras running the latest firmware.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |