This can be especially problematic for devices that are used in public locations such as government buildings or schools. The vendor responsible for the affected software, has been contacted and a fix for this issue is currently under development. In the meantime, customers can protect their devices by applying the latest firmware update.
The TPS200 NG is an outdoor security camera that is produced by Hangzhou Heshi Technology Co. Ltd, a company based in China. This product has been sold in more than 60 countries and is used by a variety of customers, including municipal governments, private individuals, and large enterprises. It is a relatively inexpensive device that can be used in a variety of applications, including monitoring an entrance, area, or perimeter of a property, or for monitoring activity in a given area.
TPS200 NG - Software version CVE-2020-8973
The issue is related to the software used by this camera. The problem is that the camera downloads a firmware update to its hardware when it starts up. This is problematic as the download process uses https, which means that it’s possible for an attacker to modify the update and insert malicious code into it. The attacker can then contact the vendor and use this malicious code to take control of the device remotely.
Description of TPS200 NG
The TPS200 NG is a small weatherproof outdoor security camera that has a fixed 130º viewing angle, with a built-in night vision and microphone. The video is recorded locally on the device's SD card and can be monitored through its mobile app or remotely via the internet. It also has motion detection capabilities and will automatically send an alert to the customer's phone if something were to happen in their area of surveillance.
And while this particular model may not be vulnerable to the flaw in its firmware, other models of the TPS200 NG are affected by this bug. In order to protect against these vulnerabilities, the vendor has been contacted and a fix for this issue is expected soon.>>END>>
How Does TPS200NG Software Work?
This product uses a proprietary software application called TPS200NG to view and record video footage. The TPS200NG software is controlled by an internet browser interface and allows for user-level remote access of the device. This means that the customer can control the camera remotely via the internet, which makes it convenient for those who need to use this device while they are away from their property.
The issue with the TPS200NG system is that it is vulnerable to a vulnerability known as CVE-2020-8973. This vulnerability allows attackers to exploit devices connected to the network by sending invalid data packets over UDP/IPv6, resulting in a denial of service (DoS) condition on the target machine. As mentioned previously, this is especially problematic for devices that are used in public locations such as government buildings or schools. For those who want to further protect their devices before what's currently available becomes available, we recommend installing firmware version 2.4 or 2.5 using the device's IP address (not its LAN IP).
Hangzhou Heshi Technology Co., Ltd has released a fix for this issue and will be releasing a firmware update shortly to address it as well as other potential issues discovered in their security research labs.
Overview of TPS200 NG
The TPS200 NG is a device that can be used for monitoring an entrance, area, or perimeter of a property, or for monitoring activity in a given area. It is also relatively affordable and can be used in many different applications.
It also comes with several features including motion detection capabilities and the ability to record video footage and audio recordings.
This camera has been sold in more than 60 countries and has been used by a variety of customers, including municipal governments, private individuals, and large enterprises.
Timeline
Published on: 10/17/2022 22:15:00 UTC
Last modified on: 10/19/2022 19:04:00 UTC