A vulnerability was reported in Cisco Video Surveillance Cameras. A remote user can decrypt user connections to obtain potentially sensitive information in certain cases.
The system uses a hard-coded certificate and hard-coded keys to protect user connections. A remote user that can conduct a man-in-the-middle attack can use the static credentials to decrypt user connections and obtain potentially sensitive information.
The following models are affected:
WVC2300 Wireless-G Business Internet Video Camera - Audio
PVC2300 Business Internet Video Camera - Audio/PoE
The vendor has assigned bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913 to this vulnerability.
Stefan Viehböck from SEC Consult Vulnerability Lab reported this vulnerability.
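A defender-side check for the condition described above, as an added example that is not part of the original advisory or any vendor code: it fingerprints the TLS certificates served by devices you administer and flags any certificate presented by more than one host, which is how a firmware-embedded certificate shows up in an inventory. The host names and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import ssl
from collections import defaultdict


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, so PEM line-wrapping differences do not matter."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def find_shared_certs(inventory: dict) -> dict:
    """Return {fingerprint: [hosts]} for every certificate served by 2+ hosts.

    A certificate generated per device should be unique; one that repeats
    across hosts points to a static certificate and key shipped in firmware.
    """
    hosts_by_fp = defaultdict(list)
    for host, pem in inventory.items():
        hosts_by_fp[cert_fingerprint(pem)].append(host)
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}


# Constructed sample data: the byte strings stand in for DER certificates and
# are not real certificates. In practice each PEM would come from your own
# inventory scan, e.g. ssl.get_server_certificate((host, 443)).
STATIC_DER = b"constructed stand-in: certificate baked into camera firmware"
UNIQUE_DER = b"constructed stand-in: certificate generated on one device"

SAMPLE_INVENTORY = {
    "cam-lobby.example": ssl.DER_cert_to_PEM_cert(STATIC_DER),
    # Same certificate, but the scanner stored it with CRLF line endings.
    "cam-dock.example": ssl.DER_cert_to_PEM_cert(STATIC_DER).replace("\n", "\r\n"),
    "nvr-01.example": ssl.DER_cert_to_PEM_cert(UNIQUE_DER),
}

if __name__ == "__main__":
    for fp, hosts in find_shared_certs(SAMPLE_INVENTORY).items():
        print(f"shared certificate {fp[:16]}... served by: {', '.join(hosts)}")
```

Devices flagged this way should be treated as sharing a private key until their certificates are replaced with per-device ones.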