Nahuel Riva, a research engineer from Core Security, discovered vulnerabilities in AirLive’s surveillance cameras designed for professional surveillance and security applications. He was able to invoke some CGIs without authentication, while backdoor accounts allowed him to execute arbitrary OS commands on the device.
An attacker who has compromised the camera could see the video stream the camera is transmitting and use the device to compromise other devices/computers on the network.
Leave a reply
