CVE-2022-3001 The vulnerability is due to improper input handling at the camera's web-based management interface.

Additionally, this vulnerability could be exploited by an attacker to take control of the network camera, and then initiate a session with the camera’s web-based management interface. This session could then be used to install software on the device that would give the attacker full access to the camera’s internal camera and video storage devices, as well as the ability to turn the camera on or off.

Milesight has confirmed this vulnerability to be actively exploited in the wild. Exploits that use this vulnerability are being actively shared in social media platforms, and have been observed in the wild by multiple customers.
Milesight recommends that all of its customers apply the following mitigations to their affected devices: - Update the affected devices to the latest firmware version. - Apply network threat detection and blocking solutions to prevent exploitation of this vulnerability.
In the event that a network camera is discovered in the wild that is vulnerable to this exploit, Milesight recommends that its customers apply the following mitigations. - Update the affected devices to the latest firmware version. - Apply network threat detection and blocking solutions to prevent exploitation of this vulnerability.

Mitigation for the CVE-2022-3001 Network Camera Vulnerability

Milesight has confirmed this vulnerability to be actively exploited in the wild. Exploits that use this vulnerability are being actively shared in social media platforms, and have been observed in the wild by multiple customers.
Milesight recommends that all of its customers apply the following mitigations to their affected devices: - Update the affected devices to the latest firmware version. - Apply network threat detection and blocking solutions to prevent exploitation of this vulnerability.
In the event that a network camera is discovered in the wild that is vulnerable to this exploit, Milesight recommends that its customers apply the following mitigations. - Update the affected devices to the latest firmware version. - Apply network threat detection and blocking solutions to prevent exploitation of this vulnerability.

Timeline

Published on: 09/15/2022 15:15:00 UTC
Last modified on: 09/19/2022 19:08:00 UTC

References