TUCoPS :: Network Appliances :: tb12756.htm

Owning Big Brother: How to Crack into Axis IP cameras
Owning Big Brother: How to Crack into Axis IP cameras
Owning Big Brother: How to Crack into Axis IP cameras


The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) . Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!

In the paper we only cover new vulnerabilities affecting older _and_ the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43): 

  System-wide Cross-site Request Forgeries (CSRF) =96 any admin action can be forged by design!
  Non-persistent Cross-site Scripting (XSS) on 404 error pages
  Persistent cross-site Scripting (XSS) on the network settings page
  Persistent cross-site Scripting (XSS) on the video viewing page
  Persistent cross-site Scripting (XSS) on the logs viewing facility

For more info please see: http://www.procheckup.com/Vulnerability_2007.php

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH