CVE-2017-8224

9.8 CRITICAL

📋 TL;DR

This vulnerability affects Wireless IP Camera (P2P) WIFICAM devices whose firmware contains a hardcoded root account reachable over TELNET. Anyone who can reach the TELNET service gains full administrative control of the camera, including its video feed and device functions. Any deployment of these camera models in the default or a vulnerable configuration is affected.

💻 Affected Systems

Products:
  • Wireless IP Camera (P2P) WIFICAM devices
Versions: All known firmware versions (no fixed release exists)
Operating Systems: Embedded Linux systems on affected cameras
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with default configurations are vulnerable. The backdoor is hardcoded in the firmware.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the camera, allowing attackers to view or manipulate video feeds, pivot into internal networks, install persistent malware, or enrol the camera in a botnet.

🟠 Likely Case

Unauthorized access to live video feeds, manipulation of camera controls, and potential data exfiltration from connected networks.

🟢 If Mitigated

Limited impact if cameras are isolated on a separate VLAN with strict network controls and TELNET disabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple TELNET connection with known credentials. Multiple public exploit scripts exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None available

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch exists. Replace affected devices with secure alternatives or implement workarounds.

🔧 Temporary Workarounds

Disable TELNET Service

Platform: Linux

Stop the TELNET daemon on affected cameras so the backdoor account cannot be reached on port 23. `killall` takes effect immediately but does not survive a reboot, and `systemctl disable` only applies to firmware that uses systemd; busybox-based firmware usually starts telnetd from its init scripts instead, so confirm after a reboot that port 23 is still closed.

  # Terminate the running telnetd (immediate, but not persistent across reboots)
  killall telnetd
  # Stop telnetd from starting at boot on firmware that uses systemd
  systemctl disable telnetd

Network Segmentation

Platform: All

Isolate cameras on a separate VLAN with strict firewall rules: permit only the recorder or viewing host to reach the cameras, and permit the cameras to reach nothing but the recorder.

🧯 If You Can't Patch

  • Physically disconnect cameras from networks
  • Replace affected devices with secure alternatives from reputable vendors

🔍 How to Verify

Check if Vulnerable:

Attempt TELNET connection to camera port 23 with known backdoor credentials

Check Version:

No standard version check available for these embedded devices

Verify Fix Applied:

Verify TELNET service is not running on port 23 and connection attempts fail

📡 Detection & Monitoring

Log Indicators:

  • Failed/successful TELNET authentication attempts
  • Unusual root login events

Network Indicators:

  • TELNET connections to camera IPs on port 23
  • Unusual outbound traffic from cameras

SIEM Query:

source_ip="camera_network" AND destination_port=23 AND protocol="TELNET"
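The two network indicators above turned into checkable logic, as an added example that is not part of this advisory: it scans constructed firewall log lines for TELNET (TCP/23) sessions towards the camera VLAN, including lateral ones from another camera, and for camera traffic leaving the VLAN to anything other than the recorder. The camera subnet 10.20.30.0/24, the recorder address 10.0.0.5 and the key=value log format are all assumptions.

```python
import ipaddress

CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")   # assumed camera VLAN
ALLOWED_OUT = {ipaddress.ip_address("10.0.0.5")}     # assumed recorder/NVR
TELNET_PORT = 23

# Constructed firewall log lines: a timestamp followed by key=value fields.
SAMPLE_LOG = """\
2024-01-01T10:00:01 src=10.0.0.5 dst=10.20.30.12 proto=tcp dport=554
2024-01-01T10:00:07 src=192.168.1.40 dst=10.20.30.12 proto=tcp dport=23
2024-01-01T10:00:09 src=10.20.30.12 dst=10.0.0.5 proto=tcp dport=554
2024-01-01T10:00:15 src=10.20.30.12 dst=203.0.113.9 proto=tcp dport=6667
2024-01-01T10:00:20 src=10.20.30.13 dst=10.20.30.12 proto=tcp dport=23
"""

def parse_line(line):
    """Turn one log line into a dict with typed src/dst/dport fields."""
    ts, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    return {
        "ts": ts,
        "src": ipaddress.ip_address(fields["src"]),
        "dst": ipaddress.ip_address(fields["dst"]),
        "proto": fields["proto"].lower(),
        "dport": int(fields["dport"]),
    }

def classify(event):
    """Return the indicator name an event matches, or None."""
    # Any TELNET session towards a camera is suspicious, whatever the source:
    # nothing legitimate should be using port 23 on these devices.
    if event["dst"] in CAMERA_NET and event["proto"] == "tcp" and event["dport"] == TELNET_PORT:
        return "TELNET_TO_CAMERA"
    # Cameras should only talk to the recorder; anything else leaving the
    # VLAN suggests exfiltration or a compromised device beaconing out.
    if (event["src"] in CAMERA_NET and event["dst"] not in CAMERA_NET
            and event["dst"] not in ALLOWED_OUT):
        return "UNEXPECTED_CAMERA_OUTBOUND"
    return None

def detect(log_text):
    """Run both indicators over a log; return (indicator, ts, src, dst) hits."""
    hits = []
    for line in log_text.strip().splitlines():
        event = parse_line(line)
        label = classify(event)
        if label:
            hits.append((label, event["ts"], str(event["src"]), str(event["dst"])))
    return hits
```

Running `detect(SAMPLE_LOG)` flags the workstation-to-camera TELNET session, the camera-to-camera TELNET session and the camera connecting out to an unknown external host, while the normal RTSP traffic between recorder and camera passes silently.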
