Bug Found in Surveillance Cameras Makes Feeds Vulnerable

Bug Found in Surveillance Cameras Makes Feeds Vulnerable

Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.

Researchers have discovered a vulnerability in Nuuo surveillance cameras which can be exploited to hijack these devices and sample with footage and live feeds. 

On Thursday, cybersecurity firm Digital Defense said that its Vulnerability Research Team (VRT) had uncovered a zero-day vulnerability in Nuuo NVRmini 2 Network Video Recorder firmware, software used by hundreds of thousands of surveillance cameras worldwide.

The software is used in a variety of the firm's surveillance camera products. Based on Linux, the solution supports NAS storage and is able to monitor up to 64 live video channels. The vulnerability is an unauthenticated remote buffer overflow security flaw which can be exploited by attackers when they execute arbitrary code on a system with root privileges.

Not only could threat actors harness the bug to access and modify camera feeds and recordings, but also change the configuration and settings of cameras.

"Overflowing of the stack variable, which is intended to hold the request data, results in the overwriting of stored return addresses, and with a properly crafted payload, can be leveraged to achieve arbitrary code execution," Digital Defense said.

NVRmini 2 firmware version 3.9.1 and prior is vulnerable to exploit. Nuuo responded quickly to the researcher's discovery and has released a patch which resolves the issue.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

  • Securing Entertainment Venues Securing Entertainment Venues

    One thing entertainment venues, sports stadiums and theme park officials want to accomplish is getting people back into their seats. That is happening today—but not without understanding and technology. In this episode, AJ DeRosa shares his insight on how COVID-impacted businesses are able to face safety and security issues with confidence and technology. We also discuss visitor expectations and how venue officials can ensure their space is secure as they welcome visitors back.

Digital Edition

  • Security Today Magazine - July August 2021

    July August 2021

    Featuring:

    • Tee Up the Security
    • Listen Clearly
    • Turning to the Cloud
    • COVID-19 The Final Push
    • Redefining Security

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety