Bug Found in Surveillance Cameras Makes Feeds Vulnerable

Bug Found in Surveillance Cameras Makes Feeds Vulnerable

Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.

  • By Sydny Shepard
  • Dec 11, 2018

Researchers have discovered a vulnerability in Nuuo surveillance cameras which can be exploited to hijack these devices and sample with footage and live feeds. 

On Thursday, cybersecurity firm Digital Defense said that its Vulnerability Research Team (VRT) had uncovered a zero-day vulnerability in Nuuo NVRmini 2 Network Video Recorder firmware, software used by hundreds of thousands of surveillance cameras worldwide.

The software is used in a variety of the firm's surveillance camera products. Based on Linux, the solution supports NAS storage and is able to monitor up to 64 live video channels. The vulnerability is an unauthenticated remote buffer overflow security flaw which can be exploited by attackers when they execute arbitrary code on a system with root privileges.

Not only could threat actors harness the bug to access and modify camera feeds and recordings, but also change the configuration and settings of cameras.

"Overflowing of the stack variable, which is intended to hold the request data, results in the overwriting of stored return addresses, and with a properly crafted payload, can be leveraged to achieve arbitrary code execution," Digital Defense said.

NVRmini 2 firmware version 3.9.1 and prior is vulnerable to exploit. Nuuo responded quickly to the researcher's discovery and has released a patch which resolves the issue.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3