nerdia.net

The Siemens Gigaset WLAN camera is vulnerable for unauthorized users to gain access through telnet and ftp by logging in as the user root. The user can log in without any password. When logged in, it is possible to view the cameras configuration file where the administrator password is stored in clear text.

The vulnerability is verified to exist in firmware version 1.27 but might be present in other versions too. At present time there are no updates available from Siemens later than version 1.27.

It is therefore a recommendation to maintain the Siemens Gigaset WLAN camera only on a private network or behind a firewall and to use an administrator password that is not used anywhere else.

See also the Siemens web page for Gigaset WLAN camera.

Tags: camera, IP-camera, siemens, vulnerability, WLAN

This entry was posted on Saturday, September 12th, 2009 at 1:54 pm and is filed under Hardware. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.