A zero-day bug has compromised about 800,000 IP-based closed-circuit security cameras that allows hackers to access surveillance cameras, manipulate videos, spy or deploy malware. According to Tenable Research Advisory, the bugs are critical and could be in use in one in 100 cameras.
Taiwan-based NUUO provides the firmware to over 100 different partners including Cisco, Sony, D-Link and others. The bug could have affected a larger number as the firmware is used by OEM partners. The vulnerabilities dubbed Peekaboo by tenable are linked to NUUO’s NVRMini2 webserver software. The company has released a patch to fix the vulnerability.