Remotely Exploitable Flaws Found in Popular IP Cameras

Bitdefender and Checkmarx have each published reports describing remotely exploitable vulnerabilities found by their researchers in popular VStarcam, Loftek and Neo IP cameras. As part of its research into IoT security, Bitdefender discovered several buffer overflow vulnerabilities affecting the web server service and the Real Time Streaming Protocol (RTSP) server of iDoorbell and Neo Coolcam NIP-22 cameras made by China-based Shenzhen Neo Electronics. A remote, unauthenticated attacker can exploit the flaws to execute arbitrary code and take control of the vulnerable devices. While they focused on the iDoorbell and Neo Coolcam NIP-22 devices, researchers believe other products sold by the Chinese company are also likely affected.