At least five models of EZVIZ Internet of Things (IoT) cameras are vulnerable to a handful of vulnerabilities that could lead to threat actors accessing, decrypting, and downloading the video from the devices.
EZVIZ is a smart home security brand of cloud-connected hardware used across the globe, offering dozens of IoT security camera models.
As part of their ongoing research into IoT hardware security, analysts at Bitdefender identified vulnerabilities in at least five EZVIZ camera models, although the team added there could be other affected products as well:
- CS-CV248 [20XXXXX72] - V5.2.1 build 180403
- CS-C6N-A0-1C2WFR [E1XXXXX79] - V5.3.0 build 201719
- CS-DB1C-A0-1E2W2FR [F1XXXXX52] - V5.3.0 build 211208
- CS-C6N-B0-1G2WF [G0XXXXX66] - v5.3.0 build 210731
- CS-C3W-A0-3H4WFRL [F4XXXXX93] - V5.3.5 build 22012
First, the security researchers identified a stack-based buffer overflow bug that could lead to remote code execution (CVE-2022-2471). In addition, they found an insecure direct object reference vulnerability at several API endpoints that could allow a cyberattacker to take control of the camera, and a third remote bug that lets an attacker steal the encryption key for the video, the researchers added.
Finally, a local vulnerability, tracked under CVE-2022-2472, lets an attacker take over the device in earnest.
"When daisy-chained, the discovered vulnerabilities allow an attacker to remotely control the camera, download images and decrypt them," the IoT cybersecurity research team added. "Use of these vulnerabilities can bypass authentication and potentially execute code remotely, further compromising the integrity of the affected cameras."
EZVIZ started issuing security updates for the cameras affected by the IoT bug starting in June, Bitdefender disclosed.