ADVISORIES | June 18, 2020

Moog EXO Series Multiple Vulnerabilities

Moog Inc. (Moog) offers a wide range of camera and video surveillance solutions. These can be network-based or part of more complex tracking systems. The products affected by the vulnerabilities in this security advisory are part of the EXO series, “built tough to withstand extreme temperature ranges, power surges, and heavy impacts.” These units are configurable from a web application. The operating systems running on these cameras are Unix-based.

  • ONVIF Web Service Authentication Bypass
  • Undocumented Hardcoded Credentials
  • Multiple Instances of Unauthenticated XML External Entity (XXE) Attacks
  • statusbroadcast Arbitrary Command Execution as root


ADVISORIES |

Verint PTZ Cameras Multiple Vulnerabilities

Verint Systems Inc. (Verint) sells software and hardware solutions to help its clients perform data analysis. Verint also offers IP camera systems and video solutions. Most of these cameras are configurable from a web application. The operating systems running on these cameras are Unix-based.

  • DM Autodiscovery Service Stack Overflow
  • FTP root User Enabled
  • Undocumented Hardcoded Credentials
