IoT Device Vulnerability of Baby Monitors

On Friday, Bitdefender researchers revealed the vulnerabilities present in the IoT devices manufactured by a Chinese vendor, Victure. By making use of the zero-day vulnerabilities on a baby monitoring system, attackers can easily get hold of the camera feeds and execute unauthorized code like malware.

Bitdefender detailed how an attacker could execute remote code on the target device by exploiting this vulnerability within an ONVIF component of the device.

If exploited, an attacker can compromise the camera firmware, instruct the cameras to transmit feed to unauthorized third parties & spy on camera owners in their homes constantly by using these vulnerabilities.

Vulnerability Type

●      Stack-based buffer overflow vulnerability 

Infected Camera Type

●      PC420 smart camera (1.2.2 and prior)

As per the reports published,  BitDefender reported this vulnerability to the vendors but the vendor hasn’t responded to the issue yet.