Connect with us

Hi, what are you looking for?



Command Injection Vulnerabilities Found in AirLive IP Cameras

Researchers have identified vulnerabilities affecting several IP camera models from AirLive, a Taiwan-based company that provides IP-enabled surveillance and networking solutions.

Researchers have identified vulnerabilities affecting several IP camera models from AirLive, a Taiwan-based company that provides IP-enabled surveillance and networking solutions.

According to an advisory published by Core Security on Monday, AirLive’s MD-3025, BU-3026, BU-2015, WL-2000CAM and POE-200CAM cameras are plagued by flaws that can be exploited remotely for arbitrary command execution.

AirLive MD-3025, BU-3026 and BU-2015 cameras are affected by an operating system (OS) command injection bug (CVE-2015-2279) related to the cgi_test.cgi binary file. By sending a specially crafted request to this file, an unauthenticated attacker can inject arbitrary commands.

Researchers have pointed out that the attack is somewhat limited due to some checks put in place by the manufacturer. However, there are some commands that can be executed. For example, an attacker can leverage the vulnerability to obtain a device’s MAC address, model name, hardware and firmware versions, and other information.

The second vulnerability (CVE-2014-8389) is related to the wireless_mft.cgi binary file and it affects AirLive WL-2000CAM and POE-200CAM cameras. The flaw can be exploited by using hardcoded credentials found in the configuration file of the embedded Boa web server. A proof-of-concept published by researchers shows how an attacker can exploit the bug to obtain user credentials and gain complete access to the device.

Core Security has verified its findings on AirLive BU-2015 running firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware version 1.43 21.08.2014, AirLive MD-3025 with firmware version 1.81 21.08.2014, AirLive WL-2000CAM with firmware version LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM. Experts believe other camera models running other firmware versions may be affected as well.

Core Security has attempted to report its findings to the vendor on multiple occasions via several channels over the past two months. Since it didn’t get a response from AirLive, the security firm decided to publicly disclose the details of the vulnerabilities.

Advertisement. Scroll to continue reading.

AirLive representatives told SecurityWeek that the company’s research and development team has determined that the information exposed by CVE-2015-2279 is for “production purposes” and it cannot be used to change settings on the device or view videos.

“The issues found by Core Security were commands used in the production process. The write commands do not work unless the hardware is put into debug mode on the PCB, which is only possible during the production process. Therefore, attackers cannot change settings or view video. We believe this does not constitute a threat to the security of the cameras,” AirLive said.

“Nevertheless, we have release patch firmwares on our website already to close those commands. We have also written to Core Security requesting them to revise their articles,” the company added.

Related: D-Link Patches Flaws in IP Cameras, Wireless Range Extenders

*Updated with information from AirLive.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.