13·
4 days agoWhat this is talking about is not really about the brand or model, its just about them being misconfigured. These cameras were exposed to the internet with either default credentials or no authentication.
Theres very few good reasons to expose a camera to the internet at all, just access it over a VPN. If for some reason someone really needs to access it over the internet (I genuinely cannot think of any), then they should put some proper authentication in front of it.
Well yeah, its a vulnerability in the windows software. Nothing they said implied otherwise.
I dont think thats true, could you explain why that would be? This article mentioned no need for a permissions escalation. In fact it seems that the RCE is automatically run as administrator by the driver process.