Critical security vulnerability for multiple ONVIF-based devices

July 21, 2017

A critical security vulnerability has been discovered for multiple ONVIF-based devices that allow attackers to gain root access to those devices without proper authentication.

A critical vulnerability (CVE-2017-9765) called “Devil’s Ivy” could affect a large number of ONVIF-based devices from multiple manufacturers. The vulnerability allows attackers to disable or gain full control of affected devices, by gaining root access without proper authentication.

Genetec products are not affected by this vulnerability.

The vulnerability has since been patched by camera manufacturers.

We advise our customers to update their cameras to the latest firmware in order to eliminate the vulnerability. Genetec has validated the firmware through our certification process.

For customers with Axis products, please refer to the advisory on the Axis product security web page for the complete list of Axis-affected products and firmware.

For more information on the exact firmware supported by Security Center, please consult our Supported Device List.

Previous Article
A guide to hardening Your Omnicast 4.x System
A guide to hardening Your Omnicast 4.x System

Security is what we do; and while we are technology innovators first, a big part of our job is ensuring our...

Next Article
Are your cameras secured?
Are your cameras secured?