Ethanhunnt

**Name of the Vulnerable Software and Affected Versions** Amcrest IPM-721S version V2.420.AC00.16.R.20160909 **Description** The Amcrest IPM-721S device has default credentials that are hardcoded in the firmware. These credentials can be extracted by reversing the firmware. The binary "sonia" contains the vulnerable function that sets up the default credentials on the device. The function `sub 3DB2FC` sets up the values at address `0x003DB5A6`, and the function `sub 5C057C` then sets this value and adds it to the Configuration files in `/mnt/mtd/Config/Account1` file. **Recommendations** For Amcrest IPM-721S version V2.420.AC00.16.R.20160909, consider changing the default credentials to prevent unauthorized access. As a temporary workaround, restrict access to the binary "sonia" to minimize the risk of exploitation. Avoid using the default credentials in the Configuration files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Blipcare (affected versions not specified) **Description** The Blipcare device provides an open Wireless network called "Blip" for communicating with the device. This allows an attacker who is in vicinity of the Wireless signal to easily sniff the user's Wi-Fi credentials. Additionally, an attacker can connect to the open wireless network and modify the HTTP response to execute other attacks, such as convincing the user to download and execute a malicious binary that would infect a user's computer or mobile device with malware. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shekar Endoscope (affected versions not specified) **Description** The Shekar Endoscope device has default Wi-Fi credentials that are the same for every device, allowing an attacker to access the video feed and pictures viewed by the user. This could potentially give them a foothold in air-gapped networks, especially in nation-critical infrastructure and industries. The device is used in various industrial systems, car garages, and medical clinics to access areas that are difficult for humans to reach. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shekar Endoscope (affected versions not specified) **Description** A memory corruption issue was discovered in the Shekar Endoscope device, allowing an attacker connected to the device's Wi-Fi SSID to execute remote code on the device. This device is used in various industrial systems, car garages, and medical clinics to access areas difficult for humans to reach. A breach of this system can allow an attacker to access the video feed and pictures viewed by the user and potentially gain a foothold in air-gapped networks, especially in nation-critical infrastructure and industries. The firmware contains a binary uvc stream, which is a UDP daemon responsible for handling UDP requests. The client application sends a UDP request to change the Wi-Fi name, which is handled by the `control Dev thread` function. This function calls `setwifipassword`, which uses a `memcpy` function with the length of the payload obtained by the `strlen` function, allowing an attacker to overflow the function and control the $PC value. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.