The AJCloud IP camera management platform has been found to have several severe security vulnerabilities, which, if exploited, could expose sensitive user data and allow remote control of any connected camera. Researchers from Elastic Security Labs noted that these vulnerabilities could allow attackers to gain complete access to camera settings, view live feeds, and potentially disable devices or access them permanently. The platform’s design includes a P2P (peer-to-peer) command that grants arbitrary write access to key configuration files, making it especially vulnerable to manipulation.
One significant vulnerability involves the ability to disable cameras permanently or initiate a buffer overflow, which could then lead to remote code execution. This means attackers could exploit this flaw to completely compromise the security of these cameras, impacting both residential and commercial users. Although these cameras are commonly used in smart home security systems, the platform’s vulnerability to hacking risks turning these surveillance devices into tools for unauthorized surveillance and data theft.
Despite repeated outreach efforts, Elastic Security Labs has yet to establish contact with AJCloud’s Chinese-based development team to address these concerns. As a result, users of AJCloud’s IP camera platform remain vulnerable, with no confirmed timeline for security patches. The lack of response raises further concerns about accountability and the company’s commitment to securing its products against potential exploitation by cybercriminals.
Reference:
