Critical IoT Camera Flaw Allows for Device Hijacking
Security researchers at Nozomi Networks have uncovered another critical bug in IoT security camera systems that could potentially allow attackers to access and control devices. The remote code execution vulnerability, tracked as CVE-2021-32941, is located in the web service of the Annke N48PBB network video recorder (NVR), which is often used by consumers and businesses. NVRs are a highly important part of a connected security camera system and are designed to capture, store, and manage video feeds.
If exploited, the vulnerability could cause a stack-based buffer overflow, allowing an unauthenticated, remote attacker to access sensitive information. The Cybersecurity and Infrastructure Security Agency released an advisory pertaining to the flaw. Nozomi Networks stated that the bug could lead to a loss of confidentiality, integrity, and device availability. Attackers could snoop on the footage, change configurations, or halt recordings altogether. Annke was able to patch the issue and release new firmware just 11 days after disclosure.