Security vulnerabilities for Sony IP cameras

December 7, 2016

Security vulnerabilities have been discovered for Sony IPELA Engine IP cameras that allow attackers to execute code remotely using hardcoded credentials.

Multiple security vulnerabilities have been discovered for some Sony IPELA Engine IP cameras that allow an attacker to enable Telnet/SSH service for remote administration over the network. This can later be used to obtain a linux shell with root privileges. Around 80 Generation 5 and 6 camera models are affected. Sony has published firmware updates for those models.

The Genetec Inc. product that is affected by this vulnerability includes the Security Center Omnicast™ video management system.

Following the release of the new firmware from Sony, Genetec has updated its supported device list and now officially supports this new firmware. Clients can now safely update any Sony products affected by this vulnerability.

Please refer to the vulnerability report on the SEC Consult website for the complete list of affected products and firmware.

For more information on the exact firmware supported by Security Center, please consult the Genetec Technical Assistance Portal (GTAP)*.

*Note: To log into the Genetec Portal, you must be a Security Center user with the appropriate credentials.  If you do not have access credentials, please contact insidesales@genetec.com.
Previous Article
A guide to hardening your Security Center system
A guide to hardening your Security Center system

Security is what we do; and while we are technology innovators first, a big part of our job is ensuring our...

Next Article
A closer look at authorization
A closer look at authorization

When Apple and the FBI squared off this year over the unlocking of a smart phone, ordinary citizens became ...