標題:義籍駭客破解MASTER IPCAM01並取得ROOT密碼
摘要:
自稱Raffaele Sabato的駭客亦破解該國Barni Carlo spa公司出廠的網路攝影機,型號Master IPCAM01。
循HTTP request途徑則能獲得IP camara管理性資料並變更web server 通信埠,等同接管全機。目前尚未獲悉修補訊息,然須注意所有探勘行動皆發生於輸入預設帳密之後,鑒於眾多網路攝影機預設密碼業已披露,故修改實為保全IoT之根本要務。
坊間已公開之IP camara帳號/密碼:
Acta: admin / 123456
Appro: admin / 9999
Avigilon: admin / admin
Axis: root / pass
Basler: admin / admin
Boschs: service / service
Brickcom: admin / admin
Canon: root / (Camera Model)
CBC: admin / admin
CNB: root / admin
Dahua:admin / admin ,888888/888888,666666/666666
Dynacol: admin / 1234
GeoVision: admin / admin
Grandstream: admin / admin
GVI: admin / 1234
Hikvision: admin / 12345
Honeywell: administrator / 1234
IOImag: admin / admin
IPX-DDK: root / admin
IQinVisions: root / system
JVC: admin / JVC
Merit Lilin: admin / pass
Messo: admin / (Camera Model)
Mobotixs: admin / Meins
Panasonic: admin / 12345
Pelco Sarix: admin / admin
Pixord: admin / admin
Riva-Rivatech: root / pass
QViS: admin / 1234
Samsung Electronics: root / root , admin / 4321
Samsung Techwin (new): admin / 4321
Samsung Techwin (old): admin / 1111111
Sanyo: admin / admin
Scallop: admin / password
Sony: admin / admin
Stardot: admin / admin
Toshiba: root / ikwd
Trendnet: admin / admin
Telexper / txper: admin / 99999999
Ubiquiti: ubnt / ubnt
UNV (Uniview): admin / 123456
Verint: admin / admin
VideoIQ: supervisor / supervisor
Vivotek: root /空
引用來源:
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=4870