Get ready for the next camera-botnet: a Chinese generic wireless webcam sold under more than 1,200 brands from 354 vendors has a buggy and exploitable embedded web server.
According to an advisory by security researcher Pierre Kim this week, the flaws lie within the camera’s administration interface – plus the firmware opens insecure connections to backend systems.
Kim posted a Shodan.io link that lists more than 185,000 vulnerable Wi-Fi-connected cameras exposed to the internet, ready and waiting to be hijacked. The cameras’ CGI script for configuring its FTP server has a remote code execution hole known since 2015, Kim said, and this can be used to run commands as root or start a password-less Telnet server.
There’s a folder in the file system, /system/www/pem/, that includes an Apple developer certificate with a private RSA key. Then there’s an unauthenticated real-time streaming protocol (RTSP) server, so if you can reach the camera’s TCP port 10554, you can watch what it sees.