Some models of webcams, IP surveillance cameras and baby monitors from Chinese manufacturer Foscam have vulnerable firmware that permits anyone with access to the deviceâ€™s Internet address to catch live streaming and even record videos.
Camera experts reported on the companyâ€™s support portal that many Foscam cameras can too easily be accessed by unauthorized persons with only the deviceâ€™s Internet address at hand. They only need to hit â€œOKâ€ in the dialog box that requires username and password, without having to fill in the log in data too, as long as the browser was not completely shut down after use.
The vulnerability is present in .54 version MJPEG cameras, models FI8904W, FI8905E, FI8905W, FI8906W, FI8907W, FI8909W, FI8910E, FI8910W, FI8916W, FI8918W, and FI8919W. The company announced an update version of the latest version of firmware- .55 â€“ to be published on the companyâ€™s website by 25th of January.
Don Kennedy, a diligent member of the Foscam support forum postedÂ a workaround for the bug to help users until Foscam issues the official fix. Kennedy warned users that this temporary patch can have a downside in that too many attempts to log in without credentials can make the camera freeze. Plus the .55 firmware update will not solve the freeze issue.