#FactFriday ‘Millions of #IoT #gizmos’ wide open to #hijackers after devs drop gSOAP http://bit.ly/2tmdD02

#Security researchers investigating internet-connected #videocameras have uncovered a bug that could conceivably leave millions of devices open to easy pwnage.
The team from embedded security specialists Senrio was looking into the code running an M3004-V network camera from Axis Communications. They found a serious hole in the firmware’s web interface that would allow an attacker to either shut down the camera or hijack the feed and spy on people.
The vulnerability, dubbed Devil’s Ivy aka CVE-2017-9765, can be exploited by sending the camera’s HTTP port 80 service a specially crafted POST command that overflows a stack buffer. From there, it’s possible to gain control of the embedded system using some injected shellcode. #Hackers