Release date:
Updated on:
Affected Systems:
Lorextechnology LNC116
Lorextechnology LNC104
Lorextechnology LNC104
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57761
CVE (CAN) ID: CVE-2012-6451
Lorex LNC116 and LNC104 are Network Camera Products.
Lorex LNC116 and LNC104 030312 have security vulnerabilities. This product only uses basic HTTP authentication on the logon homepage. By sending a request directly to a valid URL outside the homepage, you can bypass authentication for access.
<* Source: Jason Doyle
Link: http://packetstormsecurity.com/files/120070/Lorex-LNC116-LNC104-IP-Camera-Authentication-Bypass.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Lorextechnology
---------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.lorextechnology.com/support/self-serve/LNC116+Vantage+Stream+IP+Camera+-+Frequently+Asked