ADVISORIES | June 18, 2020

Moog EXO Series Multiple Vulnerabilities

Moog Inc. (Moog) offers a wide range of camera and video surveillance solutions. These can be network-based or part of more complex tracking systems. The products affected by the vulnerabilities in this security advisory are part of the EXO series, “built tough to withstand extreme temperature ranges, power surges, and heavy impacts.” These units are configurable from a web application. The operating systems running on these cameras are Unix-based.

  • ONVIF Web Service Authentication Bypass
  • Undocumented Hardcoded Credentials
  • Multiple Instances of Unauthenticated XML External Entity (XXE) Attacks
  • statusbroadcast Arbitrary Command Execution as root
