Security cameras of IoT that represents various vendors invite opportunities for flaws. Recently, researchers have discerned a similar vulnerability that lets hacking of surveillance cameras. By employing this “Peekaboo zero-day vulnerability” in the NUUO software, an attacker could remotely perform arbitrary commands.
Vulnerabilities In NUUO Software Allows Hacking Surveillance Cameras
A study that was made in cybersecurity firm Tenable have discovered two different vulnerabilities in video management software NUUO that allow hacking of surveillance cameras. As mentioned on their official website, NUUO enjoys over 100,000 installations worldwide. Hence, one can envisage the gigantic impact of the vulnerabilities reported by Tenable.
As the per the report, researchers have found two different flaws in the NUUO security system for which they have provided a POC as well in their report. These vulnerabilities mainly affect the NVRMini2 – a network-attached storage and video recording tool. One of these vulnerabilities, “The Mystery of the Backdoor” (CVE-2018-1150) is a Medium severity rated fault developed due to “leftover debug code”. Explaining this vulnerability, the researchers state,
“If a file named /tmp/moses exists, the backdoor is enabled. It permits the listing of all user accounts on a system and allows someone to change any account’s password. This would, for example, permit an attacker to view the camera feeds, view CCTV recordings, or remove a camera from the system entirely.” [Latest hacking news]
An attacker needs to create file “/tmp/moses” which may require exploiting another vulnerability to develop this vulnerability,
The other susceptibility, which is significantly important, is a zero-day vulnerability named “Peekaboo”. This vulnerability (CVE-2018-1149) carries a Temporal Score of 8.6 with a “Critical” severity rating. It is an “unauthenticated stack buffer overflow” vulnerability that permits remote code execution by the attacker. Jacob Baines, Tenable’s Senior Research Engineer, has developed the proof-of-concept demonstrating this error.
About the Peekaboo zero-day vulnerability, the researchers explain,
“The NVRMini2 uses an open-source web server that holds up some executable binaries via the common gateway interface (CGI) protocol. One of the CGI binaries that can be applied on the NVRMini2 is ‘cgi_system’ and it can be accessed via http://x.x.x.x/cgi-bin/cgi_system. This binary handles a variety of commands and actions that necessitate the user be authenticated.
During authentication, the cookie parameter’s session ID size isn’t checked, which allows for a stack buffer overflow in the sprintf function. This vulnerability allows for remote code execution with “root” or administrator privileges.” [Latest hacking news]