Peaches Posted December 11, 2008 Report Share Posted December 11, 2008 9 December 2008, 11:20Vulnerabilities in Linksys WVC54GC wireless network camera "US-CERT has posted notifications of two security vulnerabilities in the Linksys WVC54GC wireless network camera. US-CERT say that by delivering a specially crafted packet to the cameras UDP port 916, an attacker can make it respond with a packet that contains the majority of its system configuration, including details such as username, password, wireless ssid, WEP key, WEP password, WPA key, and DNS server. The camera is reported to send this information as an unencrypted packet over the network, which can allow an attacker access to these details and then use them to take control of the camera.The camera also provides an insecure ActiveX control for Internet Explorer that contains a buffer overflow flaw. "By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash." Version 1.25 of the firmware, issued early this year, fixed both problems. Users should check the version used in their camera and, if necessary, download and install version 1.25."See also:Linksys WVC54GC wireless video camera vulnerable to information disclosure, Vulnerability Note from US-CERTLinksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control stack buffer overflow, Vulnerability Note from US-CERTHeise security: http://www.heise-online.co.uk/security/Vul...a--/news/112195 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.