Attackers can remotely enumerate the usernames of IP camera accounts, facilitating brute-force attacks.The detected vulnerabilities have the following impact: CVE-2020-11623: Exposed dangerous method or function.CVE-2020-11624: Weak password requirements.The following are the three vulnerabilities we found: They also allow users to store the recordings in the cloud, in a network video recorder (NVR) and also create backups in an SD memory card. These products are surveillance cameras intended to be used outdoors with infrared and object detection technology built-in. Three vulnerabilities were found in AvertX IP cameras with model number HD838 and 438IR, as confirmed by AvertX. On February 24, 2020, Palo Alto Networks Unit 42 researchers found vulnerabilities present in AvertX IP cameras running the latest firmware.
