Zmodo camera Has hardcoded Security Flaw

CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90
This is a Chinese  made camera by Zmodo ZP-IBH13-W on website SecurityCameraTalk¹

Here is the “moneyquote”:

Once it is scanned, you assign a name and connect to the camera.  A very simple and elegant setup solution to get up and running quickly.

 

Unfortunately for Zmodo and the purchasers of this camera this came out today: CERT² – Computer Emergency Response Team Vulnerability Note VU#301735 –

Overview

The ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. These credentials allow root access to the device, and are hard-coded and cannot be changed by the user.

Impact

A remote unauthenticated attack with knowledge of the credentials may gain root access to the device.  

Which means one has to flash the firmware to “fix” this problem, so what is the solution?

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

 

I.e. there is no solution

  1. http://securitycameratalk.com/zmodo-zp-ibh13-w/
  2. http://www.kb.cert.org/vuls/id/301735

 

So what should you do if you want to run wireless IP cameras?

Buy a different camera – return the Zmodo now, or replace and throw away.

 

This is very sad – no Cybersecurity thoughts into this product.  And even the SecurityCameraTalk website does not put any thought behind security concerns to have discussed this

Contact Us to test your cybersecurity