AVTECH Shuns Security Firm and Leaves All Products Vulnerable Without a Patch

Oct 13, 2016

Over 130,000 vulnerable products available online

AVTECH, a Taiwanese CCTV equipment manufacturer, has failed to respond to Search-Lab, a Hungarian security firm that spent more than a year trying to inform the company about 14 security bugs affecting the firmware of all its products.

Almost a year after it first contacted the hardware maker, Search-Lab published a public advisory about the vulnerabilities it discovered, warning sysadmins that their AVTECH products may be in danger of exploitation.

AVTECH fails to provide firmware updates

According to a long list of security flaws, the bugs found by Search-Lab researcher Gergely Eberhardt allow attackers to take over AVTECH products from a remote location, via the Internet.

As such, the researcher is issuing a public warning, urging sysadmins to change the default admin password on AVTECH equipment to avoid having these devices added to a DDoS botnet, as previously happened with devices manufactured by companies such as Dahua, AVer, and TVT.

But changing the admin password is not enough, the researcher says. There are also other security flaws that allow attackers to bypass authentication procedures.

To safeguard their equipment, Eberhardt recommends that companies block access from the Internet to the devices’ configuration panel and limit access to this section to internal IPs or selected IP ranges.

Source: AVTECH Shuns Security Firm and Leaves All Products Vulnerable Without a Patch
