Some models of webcams, IP surveillance cameras and baby monitors from Chinese manufacturer Foscam have vulnerable firmware that permits anyone with access to the device’s Internet address to catch live streaming and even record videos.
Camera experts reported on the company’s support portal that many Foscam cameras can too easily be accessed by unauthorized persons with only the device’s Internet address at hand. They only need to hit “OK” in the dialog box that requires username and password, without having to fill in the log in data too, as long as the browser was not completely shut down after use.
The vulnerability is present in .54 version MJPEG cameras, models FI8904W, FI8905E, FI8905W, FI8906W, FI8907W, FI8909W, FI8910E, FI8910W, FI8916W, FI8918W, and FI8919W. The company announced an update version of the latest version of firmware- .55 – to be published on the company’s website by 25th of January.
Don Kennedy, a diligent member of the Foscam support forum posted a workaround for the bug to help users until Foscam issues the official fix. Kennedy warned users that this temporary patch can have a downside in that too many attempts to log in without credentials can make the camera freeze. Plus the .55 firmware update will not solve the freeze issue.