Critical security vulnerability for multiple ONVIF-based devices

July 21, 2017

A critical security vulnerability has been discovered for multiple ONVIF-based devices that allow attackers to gain root access to those devices without proper authentication.

A critical vulnerability (CVE-2017-9765) called “Devil’s Ivy” could affect a large number of ONVIF-based devices from multiple manufacturers. The vulnerability allows attackers to disable or gain full control of affected devices, by gaining root access without proper authentication.

Genetec products are not affected by this vulnerability.

The vulnerability has since been patched by camera manufacturers.

We advise our customers to update their cameras to the latest firmware in order to eliminate the vulnerability. Genetec has validated the firmware through our certification process.

For customers with Axis products, please refer to the advisory on the Axis product security web page for the complete list of Axis-affected products and firmware.

For more information on the exact firmware supported by Security Center, please consult our Supported Device List.

Previous Article
How secure is your physical security system?
How secure is your physical security system?

As we move forward in 2016 and embark on exciting new challenges, it’s important to take stock of where we ...

Next Article
What is encryption and how important is it?
What is encryption and how important is it?

In our first post of this 6-part series about Security-of-Security, we suggested that you think about the i...