Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Tuesday July 18 2017, @11:59PM   Printer-friendly
from the no-comment dept.

A vulnerability codenamed Devil's Ivy is putting thousands of Internet-connected devices at risk of hacking.

Discovered by security researchers from Senrio, the flaw affects gSOAP, a C/C++ library widely used in the development of firmware for embedded devices.

gSOAP is a dual licensed (free and commercial) product developed by Genivia, who on its website says the library will help companies in the "development of [...] products [that] meet the latest industry standards for XML, XML Web services, WSDL and SOAP, REST, JSON, WS-Security, WS-Trust with SAML, WS-ReliableMessaging, WS-Discovery, TR-069, ONVIF, AWS, WCF, and more."

Senrio researchers initially discovered the vulnerability while analyzing the firmware of the Axis M3004 security camera.

After contacting the camera vendor with their findings, Axis told Senrio that the Devil's Ivy vulnerability affects 249 of 252 security camera models the company makes, which use firmware that includes the gSOAP toolkit.

The vulnerability is a simple buffer overflow, but Senrio researchers have managed to use it to execute code on the Axis security camera

[...] The problem is that gSOAP is very popular among many IoT and networking equipment vendors. On their website, Genivia claims the library was downloaded over one million times.

[...] A technical report detailing the vulnerability is available here. Devil's Ivy is tracked as CVE-2017-9765.

Source: BleepingComputer

Additional Coverage at:

Advisory from Genevia.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by mth on Wednesday July 19 2017, @12:23AM

    by mth (2848) on Wednesday July 19 2017, @12:23AM (#541252) Homepage

    There are certainly things that are connected to the net for no good reason, but in the case of security cameras, being able to access them remotely is their main purpose.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3