Hole in Xiongmai IP Cameras, DVRs

Thursday, December 7, 2017 @ 03:12 PM gHale

There is a stack-based buffer overflow in Xiongmai Technology IP cameras and DVRs, according to a report from ICS-CERT.

Successful exploitation of this remotely exploitable vulnerability, discovered by independent researcher Clinton Mielke, could cause the device to reboot and return to a more vulnerable state in which Telnet is accessible.

China-based Xiongmai Technology has not responded to requests to coordinate with ICS-CERT.

All IP Cameras and DVRs using the NetSurveillance Web interface suffer from the issue.

ICS-CERT recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
• Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
• Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

The stack-based buffer overflow may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.
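A check a defender can run against devices they own, added here as an example and not part of the original article or the ICS-CERT report: it records whether Telnet (TCP 23, the standard Telnet port) is reachable on each device and flags any device where it has become reachable since the last run, the post-reboot state described above. The addresses, function names and baseline format are assumptions.

```python
import socket

TELNET_PORT = 23  # the service the advisory says becomes reachable after a reboot


def telnet_open(host, port=TELNET_PORT, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered, unreachable or timed out: treat as not reachable.
        return False


def audit(inventory, baseline, port=TELNET_PORT, probe=telnet_open):
    """Compare current Telnet reachability with the last recorded state.

    inventory: hosts you own and are authorised to check
    baseline:  dict host -> bool from the previous run (missing = unknown)
    Returns (current_state, findings); findings is a list of (host, reason).
    """
    current, findings = {}, []
    for host in inventory:
        is_open = probe(host, port)
        current[host] = is_open
        was_open = baseline.get(host)
        if is_open and was_open is False:
            # Closed last time, open now: matches the post-reboot state.
            findings.append((host, "telnet newly reachable: possible crash/reboot"))
        elif is_open:
            findings.append((host, "telnet reachable: restrict at the firewall"))
    return current, findings


if __name__ == "__main__":
    # Constructed sample inventory (documentation address range, RFC 5737).
    cameras = ["192.0.2.10", "192.0.2.11"]
    previous = {"192.0.2.10": False, "192.0.2.11": False}
    state, alerts = audit(cameras, previous)
    for host, reason in alerts:
        print(f"{host}: {reason}")
```

Persist the returned state between runs and pass it back as the baseline, so that a closed-to-open transition is reported separately from Telnet that was already exposed.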

CVE-2017-16725 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product sees use on a global basis and in multiple industry sectors.
