David Sigmundson

**Name of the Vulnerable Software and Affected Versions** Jooan IP Camera A5 version 2.3.36 **Description** The issue is related to an insecure FTP server that does not require authentication, allowing remote attackers to read or replace core system files, including those used for authentication, such as `passwd` and `shadow`. This can be exploited to gain full root-level control of the device. **Recommendations** For Jooan IP Camera A5 version 2.3.36, consider disabling the FTP server until a patch is available to prevent unauthorized access. Restrict access to the device to minimize the risk of exploitation. Avoid using the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.