CVE-2021-45039

Name of the Vulnerable Software and Affected Versions Uniview IP Camera versions prior to the fixed version

Description The issue concerns an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By exploiting this buffer overflow, a remote attacker can start the telnetd service, which has a hardcoded default username and password (root/123456). Although the telnetd service has a restrictive shell, it can be easily bypassed via the built-in ECHO shell command.

Recommendations For Uniview IP Camera, update to a version that fixes the undocumented UDP service vulnerability on port 7788 to prevent buffer overflow and code execution. As a temporary workaround, consider disabling the telnetd service until a patch is available. Restrict access to the UDP port 7788 to minimize the risk of exploitation.