Beware! Popular Home Security Camera Maker’s Devices Vulnerable to Remote Code Execution

CVECVE-2023-23551
CVSScvssV3_1: 9.1
SourceCVE-2023-23551

The Control By Web X-600M home security cameras have been found to contain a vulnerability that could allow remote code execution. These devices run Lua scripts to provide additional functionality, but do not properly sanitize user-supplied input. An attacker could exploit this to inject malicious code which would then be executed on the vulnerable device.

As Lua is a full-fledged scripting language, this would essentially give the attacker remote control over the camera. They could potentially access the video feed, modify settings, and more. For home users, this could pose a serious privacy risk if an intruder was able to spy through your security cameras.

It is recommended that users of Control By Web X-600M cameras update to the latest firmware version immediately if available. Manufacturers often issue patches to fix vulnerabilities, so keeping devices updated is important. You can check the manufacturer’s website or login to your camera account for any available updates.

If an update is not available, consider replacing vulnerable devices with a more secure model from a reputable brand. Be sure to use strong and unique passwords on any internet-connected devices for additional protection. Reviewing connected devices and their access regularly is also advised. Staying vigilant about cybersecurity can help prevent intrusions into your private network and IoT devices.

References