Vulnerabilities in Linksys WVC54GC wireless network camera
US-CERT has posted notifications of two security vulnerabilities in the Linksys WVC54GC wireless network camera. US-CERT say that by delivering a specially crafted packet to the cameras UDP port 916, an attacker can make it respond with a packet that contains the majority of its system configuration, including details such as username, password, wireless ssid, WEP key, WEP password, WPA key, and DNS server. The camera is reported to send this information as an unencrypted packet over the network, which can allow an attacker access to these details and then use them to take control of the camera.
The camera also provides an insecure ActiveX control for Internet Explorer that contains a buffer overflow flaw. "By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash." Version 1.25 of the firmware, issued early this year, fixed both problems. Users should check the version used in their camera and, if necessary, download and install version 1.25.
- Linksys WVC54GC wireless video camera vulnerable to information disclosure, Vulnerability Note from US-CERT
- Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control stack buffer overflow, Vulnerability Note from US-CERT