Posts

Siemens Gigaset WLAN camera vulnerability

The Siemens Gigaset WLAN camera is vulnerable for unauthorized users to gain access through telnet and ftp by logging in as the user root. The user can log in without any password. When logged in, it is possible to view the cameras configuration file where the administrator password is stored in clear text.

The vulnerability is verified to exist in firmware version 1.27 but might be present in other versions too. At present time there are no updates available from Siemens later than version 1.27.

It is therefore a recommendation to maintain the Siemens Gigaset WLAN camera only on a private network or behind a firewall and to use an administrator password that is not used anywhere else.

See also the Siemens web page for Gigaset WLAN camera.