|
|
|
|
| |
| The Axis Network Camera is installed by default with a widely-known default username and password that allows an attacker to gain privileged access to the embedded product. This would allow him to use the product as proxy, or as an attacking station to hide his own address (through the product's telnet and ftp programs). |
| |
Credit:
The information has been provided by Chris Gragsone.
|
| |
Vulnerable systems:
Axis Network Camera 2120
Axis Network Camera 2110
Axis Network Camera 2100
Axis Network Camera 200+
Axis Network Camera 200
Axis Network Camera is an embedded system that connects a camera directly to the network. With data rates up to 25 frames a second and motion detection. It could be used as a web cam, or for security. This network camera could also be used as part of an IP-Surveillance system, critical to a site's infrastructure.
During installation of Axis Network Camera, the administrator is not prompted for the password for the root account. If the camera is left improperly configured, the attacker could connect to the device remotely and obtain administrative access, and reconfigure or interrupt the camera.
Vulnerability:
Log into any Axis Network Camera via ftp, telnet, or http
Default account: root
Default password: pass
|
|
|
|
|
|
|
|
|
|
