CVE-2022-38399 The SmaCam CS-QR10 and SmaCam Night Vision CS-QR20 have an unprotected alternate hardware interface that allows attackers to execute arbitrary OS commands.

via USB or Ethernet. Running arbitrary commands on the device allows attackers to gain access to the device's configuration or to install malicious software. All devices with a serial interface (USB / Ethernet) have this security issue. To fix this issue, update the firmware to the latest version. All devices with a serial interface (USB / Ethernet) have this security issue. To fix this issue, update the firmware to the latest version. Confirmed version for all SmaCam cameras with a serial interface: Confirmed version for all SmAcam cameras with a serial interface: SmaCam CS-QR10 all versions from 2015.09.19 - 2015.09.26

SmaCam CS-QR10 all versions from 2015.09.27 - 2015.10.03

SmaCam CS-QR10 all versions from 2015.10.04 - 2015.10.10

SmaCam CS-QR10 all versions from 2015.10.11 - 2015.10.17

SmaCam Night Vision CS-QR20 all versions from 2015.09.18 - 2015.09.25

SmaCam Night Vision CS-QR20 all versions from 2015.09.26 - 2015.10.02

SmaCam Night Vision CS-QR20 all versions from 2015.10.03 - 2015.10.09

If your camera has a serial interface and the version is not listed

How to check if your camera has a serial interface?

If your camera has a serial interface and the version is not listed, you can check by plugging it into your computer using the USB or Ethernet cable. This will allow you to see if the device has this security issue.

Fix for SmaCam CS-QR10 all versions

If your camera has a serial interface and the version is not listed, update the firmware to the latest version.

Timeline

Published on: 09/08/2022 08:15:00 UTC
Last modified on: 09/15/2022 22:23:00 UTC

References