Axis IP Camera authentication bypass and command injection

Added: 08/13/2018

Background

Axis IP Cameras are a line of networked surveillance devices.

Problem

A remote attacker could execute arbitrary commands by exploiting an authentication bypass vulnerability in the .srv functionality and a command injection vulnerability in the parhand component.

Resolution

Upgrade the firmware as instructed in ACV-128401.

References

https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
https://www.axis.com/files/faq/Advisory_ACV-128401.pdf

Platforms

Linux

Back to exploit index