According to a research advisory from Tenable Security, there is a set of exploitable vulnerabilities in NUUO CCTV cameras that includes a zero-day. NUUO is a leading supplier of CCTV technology for a wide range of industries, and as such, it is estimated that up to 800,000 devices are at risk of attack as a result of the zero-day. Tenable has named the critical vulnerability “Peekaboo” because, via remote code execution, attackers can hijack NUUO CCTV feeds and tamper with the recordings.
Two vulnerabilities make this level of attack possible, and both are in NUUO’s Network Video Recorder software. The first, CVE-2018-1149, is an unauthenticated stack buffer overflow that allows remote code execution. According to the analysis provided by Tenable, the buffer overflow is caused by the following:
One of the CGI binaries that can be executed on the NVRMini2 is ‘cgi_system’ and it can be accessed via http://x.x.x.x/cgi-bin/cgi_system. This binary handles a variety of commands and actions that require the user be authenticated. During authentication, the cookie parameter’s session ID size isn’t checked, which allows for a stack buffer overflow in the sprintf function. This vulnerability allows for remote code execution with “root” or administrator privileges.
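The class of bug Tenable describes, an unchecked session ID formatted into a fixed stack buffer with sprintf, is avoided by validating the length before any copy and using a bounded write. The following is an added example, not code from Tenable or NUUO; the cookie name `SESSIONID`, the directory `/tmp/sessions`, the 64-character limit and both function names are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SESSION_ID_MAX 64            /* assumed limit, not NUUO's value */
#define SESSION_DIR "/tmp/sessions"  /* hypothetical session directory */
#define COOKIE_NAME "SESSIONID"      /* hypothetical cookie name */

/* Unsafe pattern of the kind described (length never checked):
 *     char path[128];
 *     sprintf(path, SESSION_DIR "/%s", session_id);
 */

/* Copy the value of cookie `name` into out. Returns 0 on success, or -1 if
 * the cookie is missing, empty, too long, or not strictly alphanumeric. */
int cookie_get_id(const char *cookie, const char *name, char *out, size_t out_len)
{
    size_t nlen = strlen(name);
    const char *p = cookie;
    while (p && *p) {
        while (*p == ' ' || *p == ';') p++;       /* skip separators */
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            size_t vlen = strcspn(v, ";");        /* value ends at ';' or NUL */
            if (vlen == 0 || vlen >= out_len || vlen > SESSION_ID_MAX)
                return -1;                        /* reject before copying */
            for (size_t i = 0; i < vlen; i++)
                if (!isalnum((unsigned char)v[i]))
                    return -1;                    /* also blocks "../" */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = strchr(p, ';');                       /* next cookie pair */
    }
    return -1;
}

/* Build the session file path with a bounded write; fail on truncation. */
int build_session_path(const char *cookie, char *path, size_t path_len)
{
    char id[SESSION_ID_MAX + 1];
    if (cookie_get_id(cookie, COOKIE_NAME, id, sizeof id) != 0)
        return -1;
    int n = snprintf(path, path_len, "%s/%s", SESSION_DIR, id);
    return (n < 0 || (size_t)n >= path_len) ? -1 : 0;
}
```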
The second vulnerability that allows for the attack is CVE-2018-1150, which is a backdoor. As Tenable explains, the backdoor is leftover code:
If a file named /tmp/moses exists, the backdoor is enabled. It permits the listing of all user accounts on a system, and allows someone to change any account’s password. This would, for example, permit an attacker to view the camera feeds, view CCTV recordings, or remove a camera from the system entirely.
NUUO is reportedly working on a patch that will be released as soon as possible. Until a patch is available, Tenable recommends staying in contact with NUUO and restricting network access as much as possible.