Critical security vulnerability for multiple ONVIF-based devices

A critical security vulnerability has been discovered for multiple ONVIF-based devices that allow attackers to gain root access to those devices without proper authentication.

July 21, 2017

A critical vulnerability (CVE-2017-9765) called “Devil’s Ivy” could affect a large number of ONVIF-based devices from multiple manufacturers. The vulnerability allows attackers to disable or gain full control of affected devices, by gaining root access without proper authentication.

Genetec products are not affected by this vulnerability.

The vulnerability has since been patched by camera manufacturers.

We advise our customers to update their cameras to the latest firmware in order to eliminate the vulnerability. Genetec has validated the firmware through our certification process.

For customers with Axis products, please refer to the advisory on the Axis product security web page for the complete list of Axis-affected products and firmware.

For more information on the exact firmware supported by Security Center, please consult our Supported Device List.