CVE-2015-2885

Name of the Vulnerable Software and Affected Versions Lens Peek-a-View (affected versions not specified)

Description The issue concerns the presence of predefined user accounts in the Lens Peek-a-View wireless video camera. Specifically, there are backdoor accounts with hardcoded passwords: admin with password 2601hx, user with password user, and guest with password guest. These accounts can be accessed through UART for the admin account and through the web interface for the user and guest accounts. Exploitation of this issue could allow a remote attacker to gain access to the device.

Recommendations For all affected versions, consider changing the default passwords of the backdoor accounts admin, user, and guest to strong, unique passwords to prevent unauthorized access. As a temporary workaround, consider disabling remote access to the device until secure passwords are set for these accounts. Restrict access to the UART interface and the web interface to minimize the risk of exploitation.