CVE-2018-10660
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary shell commands on affected Axis IP cameras via command injection. Attackers can gain full control of the device, potentially accessing video feeds, modifying configurations, or using the camera as an entry point into networks. Organizations using vulnerable Axis camera models are affected.
💻 Affected Systems
- Multiple Axis IP Camera models (see Axis advisory for complete list)
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise leading to unauthorized video access, device takeover for botnets, lateral movement into internal networks, and persistent backdoor installation.
Likely Case
Unauthorized access to video streams, camera configuration changes, denial of service, and credential theft from the device.
If Mitigated
Limited impact if cameras are isolated in separate network segments with strict firewall rules and no internet exposure.
🎯 Exploit Status
Public exploit code is available on Exploit-DB. Exploitation requires network access to the camera's web interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware 5.80.1 and later
Vendor Advisory: https://www.axis.com/files/faq/Advisory_ACV-128401.pdf
Restart Required: Yes
Instructions:
1. Download the latest firmware from the Axis website.
2. Back up the camera configuration.
3. Upload the firmware via the web interface.
4. Reboot the camera.
5. Restore the configuration if needed.
🔧 Temporary Workarounds
Network Segmentation
Isolate cameras in a separate VLAN with strict firewall rules blocking unnecessary inbound traffic.
Disable Unused Services
Turn off the web interface if it is not needed, or restrict access to specific IP addresses.
🧯 If You Can't Patch
- Place cameras behind firewalls with strict inbound rules, allowing only necessary management IPs.
- Implement network monitoring for unusual outbound connections from cameras.
🔍 How to Verify
Check if Vulnerable:
Check firmware version via camera web interface: Settings > System > Support > System Overview.
Check Version:
Not applicable - check via web interface or Axis Camera Management tool.
Verify Fix Applied:
Confirm firmware version is 5.80.1 or higher in System Overview.
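To run the same version check across a fleet, the added example below (not code from Axis or from the original page) classifies an exported firmware inventory against the 5.80.1 threshold stated above. The host names, sample versions and function names are constructed for illustration; the comparison is numeric because a plain string comparison would rank 5.9.0 above 5.80.1.

```python
import re

PATCHED = (5, 80, 1)  # fixed firmware version stated on this page


def parse_firmware(version):
    """Return a dotted-numeric version as a tuple of ints, or None if unparseable."""
    if not isinstance(version, str):
        return None
    match = re.fullmatch(r"\s*(\d+(?:\.\d+)+)\s*", version)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(version, patched=PATCHED):
    """Return 'patched', 'vulnerable', or 'unknown' for one firmware string."""
    parsed = parse_firmware(version)
    if parsed is None:
        return "unknown"  # needs a manual check in System Overview
    # Pad with zeros so that 5.80.1 and 5.80.1.0 compare as equal.
    width = max(len(parsed), len(patched))
    have = parsed + (0,) * (width - len(parsed))
    need = patched + (0,) * (width - len(patched))
    return "patched" if have >= need else "vulnerable"


def triage(inventory):
    """Group (host, firmware) pairs by classification."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("cam-lobby", "5.80.1"),
    ("cam-dock", "5.9.0"),     # sorts above 5.80.1 as a string, below it numerically
    ("cam-roof", "6.50.2.2"),
    ("cam-gate", "5.80.0.3"),
    ("cam-lab", ""),           # version missing from the export
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand, and the affected-product list in the references remains the authority on which models are affected.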
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution in system logs
- Failed authentication attempts followed by successful access
- Configuration changes from unknown IPs
Network Indicators:
- Unexpected outbound connections from cameras
- Unusual HTTP requests to camera web interface
- Traffic to known malicious IPs from camera
SIEM Query:
source="axis-camera" AND (event="command_execution" OR event="config_change")
🔗 References
- https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
- https://www.axis.com/files/faq/Advisory_ACV-128401.pdf
- https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf
- https://www.exploit-db.com/exploits/45100/