Flaw in Guardzilla Security System Exposes User Video Footage
NJCCIC Alert
Original Release Date: 2019-01-08
A significant vulnerability present in Guardzilla’s All-In-One Video Security System has been disclosed following its discovery during a 0DAYALLDAY research event. The vulnerability, CVE-2018-5560, allows any Guardzilla user to access another user’s stored video. A hard-coded credential provides any user access to a shared Amazon S3 instance in which the user can access the free-video-storage, free-video-storage-persist, premium-video-storage, and premium-video-storage-persist buckets. Guardzilla has been contacted about the vulnerability but, at the time of writing, has yet to issue a response or patch.
In the meantime, the NJCCIC advises users who want to protect their accounts to disable cloud-based storage options on their device or contact Guardzilla for more guidance. More technical information on the vulnerability can be found in 0DAYALLDAY’s blog post.
Featured Content
- Disaster Relief and Tragedy-Related Scams>
- Flaw in Cosmo DB Could Allow Access to Databases>
- Threat Actors Use Messaging Service as Phishing Lure>
- Back-to-School Cybersecurity>
- Patch Now: Active Exploitation of Microsoft Exchange ProxyShell Vulnerabilities >
- T-Mobile Breach>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.