It is reported that gSOAP is a high-level c / c + + automatic coding tool for the development of XML Web services and XML applications. Researchers found the vulnerability when analyzing the Axis webcam. Once successfully used, an attacker will be able to remotely access the video source or deny user access. In view of the special features of the camera, the vulnerability can lead to attackers to steal sensitive data or clear the crime information.
At present, Axis has confirmed that the existing 250 cameras in the prevalence of the loopholes, and on July 6 quickly released firmware upgrade patch, urging partners and customers to upgrade as soon as possible to repair loopholes. Taking into account the Canon, Siemens, Cisco, Hitachi and other companies are using the same section of the affected software, the attacker is likely to use other manufacturers networking equipment.
Axis immediately contacted the Electronics Industry Alliance ONVIF to ensure that potential victims, including the above companies, are aware of the seriousness of the problem and fix the vulnerability in a timely manner. Researchers said that things networking equipment is the weakest link in network communications, timely update network equipment, away from the public network is the most sensible approach.
The post Remote access vulnerability “Devil’s Ivy” set millions of networking equipment at risk appeared first on Penetration Testing.