Critical security vulnerability for multiple ONVIF-based devices

July 21, 2017

A critical security vulnerability has been discovered for multiple ONVIF-based devices that allow attackers to gain root access to those devices without proper authentication.

A critical vulnerability (CVE-2017-9765) called “Devil’s Ivy” could affect a large number of ONVIF-based devices from multiple manufacturers. The vulnerability allows attackers to disable or gain full control of affected devices, by gaining root access without proper authentication.

Genetec products are not affected by this vulnerability.

The vulnerability has since been patched by camera manufacturers.

We advise our customers to update their cameras to the latest firmware in order to eliminate the vulnerability. Genetec has validated the firmware through our certification process.

For customers with Axis products, please refer to the advisory on the Axis product security web page for the complete list of Axis-affected products and firmware.

For more information on the exact firmware supported by Security Center, please consult our Supported Device List.

Previous Article
Intel firmware vulnerability affecting some Genetec appliances
Intel firmware vulnerability affecting some Genetec appliances

This vulnerability makes it possible to load and execute arbitrary code outside the visibility of the user ...

Next Article
Update: WannaCry Ransomware attack
Update: WannaCry Ransomware attack

Notice for Genetec Windows-based Appliances: WannaCry Ransomware Attack