Security vulnerabilities for Sony IP cameras

Security vulnerabilities have been discovered for Sony IPELA Engine IP cameras that allow attackers to execute code remotely using hardcoded credentials.

December 7, 2016

Multiple security vulnerabilities have been discovered for some Sony IPELA Engine IP cameras that allow an attacker to enable Telnet/SSH service for remote administration over the network. This can later be used to obtain a linux shell with root privileges. Around 80 Generation 5 and 6 camera models are affected. Sony has published firmware updates for those models.

The Genetec Inc. product that is affected by this vulnerability includes the Security Center Omnicast™ video management system.

Following the release of the new firmware from Sony, Genetec has updated its supported device list and now officially supports this new firmware. Clients can now safely update any Sony products affected by this vulnerability.

Please refer to the vulnerability report on the SEC Consult website for the complete list of affected products and firmware.

For more information on the exact firmware supported by Security Center, please consult the Genetec Technical Assistance Portal (GTAP)*.

*Note: To log into the Genetec Portal, you must be a Security Center user with the appropriate credentials.  If you do not have access credentials, please contact insidesales@genetec.com.