Zmodo camera Has hardcoded Security Flaw

CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90
This is a Chinese  made camera by Zmodo ZP-IBH13-W on website SecurityCameraTalk¹

Here is the “moneyquote”:

Once it is scanned, you assign a name and connect to the camera.  A very simple and elegant setup solution to get up and running quickly.

 

Unfortunately for Zmodo and the purchasers of this camera this came out today(was 05/2016– then updated 08/2016): CERT² – Computer Emergency Response Team Vulnerability Note VU#301735 –

Overview

The ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. These credentials allow root access to the device, and are hard-coded and cannot be changed by the user.

Impact

A remote unauthenticated attack with knowledge of the credentials may gain root access to the device.  

Which means one has to flash the firmware to “fix” this problem, so what is the solution?

Solution

It looks like there is a solution at this time (July 2017)

https://www.kb.cert.org/vuls/id/301735

Affected Devices:
● ZP­NE14­S
● ZP­IBH­13W
Firmware with Issues Fixe
d:
● ZP­NE14­S: Version 40.0.3.0
● ZP­IBH­13W:
Version 7.8.0.36

http://securitycameratalk.com/zmodo-zp-ibh13-w/

  1. http://www.kb.cert.org/vuls/id/301735

 

So what should you do if you want to run wireless IP cameras?

I would consider a different manufacturer, as this issue took a while to resolve.  And cchange your default password as soon as practical.

Contact Us to test your cybersecurity

 

 

Advertisements