No authentication (login) is required to exploit this vulnerability. In addition, a remote code execution through a Metasploit exploit module has been published.

This blog post serves as disclosure of the technical details for those vulnerabilities.

More specifically, three typical buffer overflow vulnerabilities were discovered in Hikvision's RTSP request handling code: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880. DS-7204 and other models in the same product series that allow a remote attacker to gain full control of the device.

"This is especially troubling given that a similar vulnerability (CVE-2013-4977) was reported last year, and the product still appears unpatched out of the box today," researchers at the firm behind the Metasploit penetration testing tool conclude.

A blog post (extract below) by Rapid7, the firm behind the Metasploit penetration testing tool, explains the vulnerabilities at play in greater depth. Rapid7 warns that DVRs exposed to the internet are routinely targeted for exploitation. Security researchers at Rapid7 discovered that 150,000 Hikvision DVR devices could be accessed remotely.