Axis Camera Remote Exploit

The ActiveX control provided for Axis surveillance cameras has a critical vulnerability due to a buffer overflow, according to US-CERT note #355809:

Axis Communications provides an ActiveX control for viewing motion JPEG streams in Microsoft development tools and Microsoft Internet Explorer. The ActiveX control, provided by AxisCamControl.ocx, is known as “CamImage” or “Axis Camera Control.” The SaveBMP() method of this control contains a stack buffer overflow.

Axis Communications lists the following products as being affected:

AXIS 2100, AXIS 2110, AXIS 2120, AXIS 2130 PTZ, AXIS 2420, AXIS 2420-IR, AXIS 2400, AXIS 2400+, AXIS 2401, AXIS 2401+, AXIS 2411, AXIS Panorama PTZ

The options are to install a new version of the control, disable the control, or disable ActiveX entirely. Expect more of these vulnerabilities in surveillance systems as the physical and information security worlds continue to collide.
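For the "disable it" option, here is an added example (not from the original post, Axis, or US-CERT): a PowerShell audit that finds every CLSID registered to AxisCamControl.ocx and reports whether Internet Explorer's kill bit (Compatibility Flags 0x400) is set for it. The function name, the HKLM-only registry views, and PowerShell 3.0 or later are assumptions of this example.

```powershell
# Added example: not Axis or US-CERT code. Run in an elevated PowerShell session.
# Assumption: the control is registered machine-wide (HKLM); per-user (HKCU) is not checked.
$ocxName = 'AxisCamControl.ocx'  # file name given in the advisory
$killBit = 0x400                 # "Compatibility Flags" bit that stops IE loading a control

# Registry views to check: native, and 32-bit (WOW6432Node) on 64-bit Windows.
$views = @(
    @{ Name = 'native'; Clsid = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name = '32-bit'; Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Get-OcxKillBitStatus {   # hypothetical helper name
    param([string]$FileName = $ocxName)
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
            # The default value of InprocServer32 is the DLL/OCX path behind this CLSID.
            try { $srv = $key.OpenSubKey('InprocServer32') } catch { continue }
            if (-not $srv) { continue }
            $server = [string]$srv.GetValue('')
            $srv.Close()
            if ($server -notlike "*$FileName*") { continue }

            # The kill bit lives under ActiveX Compatibility\{CLSID} in the same view.
            $compatKey = Join-Path $view.Compat $key.PSChildName
            $flags = 0
            if (Test-Path -LiteralPath $compatKey) {
                $value = (Get-ItemProperty -LiteralPath $compatKey).'Compatibility Flags'
                if ($null -ne $value) { $flags = [int]$value }
            }
            [pscustomobject]@{
                View       = $view.Name
                Clsid      = $key.PSChildName
                Server     = $server
                KillBitSet = [bool]($flags -band $killBit)
            }
        }
    }
}

Get-OcxKillBitStatus | Format-Table -AutoSize
```

No output means the control is not registered machine-wide on that host; a row with KillBitSet False is a host where the control can still be instantiated by Internet Explorer.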
