AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities

DwainPipe

Jul 19, 2019
I've noticed my firewall reporting...

Threat Management Alert 2: Attempted Information Leak. Signature ET EXPLOIT AVTECH Authenticated Command Injection in CloudSetup.cgi. From: 167.88.161.157:45506, to: 192.168.9.230:554, protocol: TCP

That target IP address is my Synology NAS running Surveillance Station.

When I googled "Signature ET EXPLOIT AVTECH Authenticated Command Injection in CloudSetup.cgi" I found AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities and the recommendation of...

Recommendations
---------------
Unfortunately there is no solution available for these vulnerabilities at the moment. You can take the following steps to protect your device:
  • Change the default admin password
  • Never expose the web interface of any Avtech device to the internet

Which of course is good advice, hence searching the forum and posting this.

The only thing that I find surprising is that I don't have any Avtech cameras or devices. So do Avtech make cameras for other companies as well, so that the exploits in their software are also in other cameras?
 
> Never expose the web interface of any Avtech device to the internet

Or your NAS!
That's not an internet-hardened device; there have been quite a lot of exploits against vulnerabilities.

> The only thing that I find surprising is I don't have any Avtech cameras or devices

Think of it the other way round - the hackbots are probing to see if you have.
There are probes all the time against a wide range of vulnerabilities on a wide range of devices.
Your firewall will only detect a subset of them.
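
An added example, not part of any post in this thread: a small triage of the alert line quoted in the first post, checking whether the signature names a product that is actually on the target and whether an internet source reached a private address. The `INVENTORY` mapping and the `triage` function are hypothetical names used for illustration.

```python
import ipaddress
import re

# Matches the alert layout quoted in the first post.
ALERT_RE = re.compile(
    r"Signature (?P<sig>.+?)\. From: (?P<src>[\d.]+):(?P<sport>\d+), "
    r"to: (?P<dst>[\d.]+):(?P<dport>\d+), protocol: (?P<proto>\w+)"
)

# Hypothetical asset inventory: internal IP -> product keywords on that host.
INVENTORY = {"192.168.9.230": {"synology", "surveillance station"}}

# Alert text copied from the first post.
SAMPLE = (
    "Threat Management Alert 2: Attempted Information Leak. Signature ET EXPLOIT "
    "AVTECH Authenticated Command Injection in CloudSetup.cgi. "
    "From: 167.88.161.157:45506, to: 192.168.9.230:554, protocol: TCP"
)

def triage(alert, inventory=INVENTORY):
    m = ALERT_RE.search(alert)
    if m is None:
        raise ValueError("unrecognised alert format")
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    sig = m["sig"].lower()
    # Does the signature name a product known to run on the target host?
    product_match = any(p in sig for p in inventory.get(m["dst"], set()))
    # A public source reaching a private address means the port is reachable
    # from the internet (port forward, UPnP mapping or similar).
    inbound_exposed = src.is_global and dst.is_private
    if inbound_exposed and product_match:
        verdict = "investigate host: exposed and product matches signature"
    elif inbound_exposed:
        verdict = "opportunistic probe: product not present, but close the exposed port"
    else:
        verdict = "not inbound from the internet: review separately"
    return {
        "signature": m["sig"],
        "dst_port": int(m["dport"]),
        "product_match": product_match,
        "inbound_exposed": inbound_exposed,
        "verdict": verdict,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
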