Vulnerability in security measure bypass of hard-coded credential of the Horizon Network Camera

Release date:
Updated on:

Affected Systems:
Stem Innovation horizon 2.0.2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 63388
CVE (CAN) ID: CVE-2013-6236

Horizon is a Network Camera product produced by Stem Innovation.

In its Linux release version and in its Web application, Horizon uses multiple hard-coded creden。. In addition, it uses Web interface creden。 to access the camera data stream and configuration details, including third-party API keys.

<* Source: Mark Stanislav

Link: http://seclists.org/bugtraq/2013/Oct/149
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Stem Innovation
---------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://steminnovation.com/izon

Refer:
Https://blog.duosecurity.com/2013/10/izon-ip-camera-hardcoded-passwords-and-unencrypted-data-abound/
Https://securityledger.com/2013/10/apple-store-favorite-izon-cameras-riddled-with-security-holes/
Http://cve.mitre.org/cgi-bin/cvename.cgi? Name = CVE-2013-6236