A Vulnerability has been discovered in a Genivia’s gSOAP toolkit which is widely being used for implementing ONVIF by video surveillance manufacturers.

Genivia's gSOAP Toolkit Vulnerability Detected

Genivia's gSOAP Toolkit Vulnerability Detected

A Vulnerability has been discovered in a Genivia’s gSOAP toolkit which is widely being used for implementing ONVIF by video surveillance manufacturers.

According to IPVM’s latest article Genivia’s gSOAP toolkit which creates HTTP APIs has a vulnerability. IPVM states that “The nature of buffer overflow attacks makes them somewhat device specific, and can require trial and error, or deep knowledge of the system itself, to form a successful attack that reveals data or provides root access. Because of this, and the fact that few details of the specific XML formatting required for an exploit are being released it will be hard for this vulnerability will be put to real use.

Similar to most other cyber security vulnerabilities in network devices, restricting network access to the unit will greatly reduce the chance of exploit. Cameras utilizing a VMS or recorder for remote access, instead of being directly connected to the internet, are essentially immune from remote attack (though it is possible for the VMS itself to have vulnerabilities). Additionally, upgrading firmware to manufacturer-recommended versions, as they become available, will eliminate this specific vulnerability.”

To avoid any further damage you should download gSOAP 2.8.48 or higher version. For the latest version of the gSOAP (2.8.49) please click here: Download and Installation

Apr 30th 2021 Seth Adams

Recent Posts