The backdoor was discovered by Stefan Viehbck of Austrian infosec outfit SEC Consult in October, reported to Sony and disclosed today. Firmware updates to kill off the vulnerability are already available from sony.co.uk. "We are grateful to SEC Consult for their assistance in enhancing network security for our network cameras," Sony said.
The firmware contains two hardcoded, permanently enabled accounts in the builtin web-based admin console: debug with the password popeyeConnection, and primana with the password primana. The latter, coupled with magic strings in the URL, unlocks telnet access, potentially granting administrative access to the camera via a command line. Later models can open an SSH server, too.
Sony Snc-dh120 Firmware Download
Download Zip 🔥 https://urluso.com/2y3HB3 🔥
SEC Consult reckons the hashes will be cracked by miscreants soon enough, thus revealing the hardcoded root login password. Therefore, it's recommended firmware updates are applied to at-risk cameras before they are infected by hackers who have discovered the backdoor password.
The affected models use firmware version 1.82.01 or earlier if they are fifth generation, or 2.7.0 or earlier if they are sixth generation. Firmware versions 1.86.00 and 2.7.2 contain the fixes, we're told. Specifically, if you have any of the following models, you should check if you have the latest firmware installed:
SEC Consult, a European security company, uncovered a backdoor in 80 Sony IPELA Engine IP camera models. This latest discovery shows, once again, that it is universally a bad idea to have a backdoor in software and devices--no matter what the intentions are behind it. Sony has since fixed the backdoor with a firmware update, but it highlights the problems created by using a backdoor.
EU-based security firm SEC Consult says it found the flaw following a routine firmware inspection. Its researchers say a standard scan had identified two hardcoded password hashes in the firmware deployed on several security cameras.
The security firm told Sony of their findings on October 11, and the hardware maker released firmware updates on November 28. Sony hasn't provided any explanation to researchers about the presence of the "root" account. 2351a5e196
download shape bender plugin sketchup
download music ozledim murat boz