A Tenable Security researcher has found a flaw in the firmware of a popular IP home security video camera produced by Amcrest that can enable threat actors to obtain online access the audio stream of the camera, without ever needing to provide any type of authentication. “Essentially, if this thing is connected directly to the internet, it’s anyone’s listening device,” the researcher stated.
The vulnerability, tracked as CVE-2019–3948, impacts Amcrest IP2M-841B cameras that use vulnerable firmware of Dahua, a Chinese firm that is the subject of US government concerns over cyber espionage.
Read more: Trivial Bug Turns Home Security Cameras Into Listening Posts