CVE-2018-13114
📋 TL;DR
This vulnerability allows unauthenticated attackers to execute arbitrary commands on KERUI Wifi Endoscope Camera devices by sending specially crafted SSID values. Attackers can run commands with up to 19 characters, potentially gaining control of the camera. All users of affected KERUI camera models are at risk.
💻 Affected Systems
- KERUI Wifi Endoscope Camera (YPC99)
📦 What is this software?
Ypc99 Firmware by Keruigroup
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover allowing attackers to install persistent malware, pivot to internal networks, or use the camera for surveillance without owner knowledge.
Likely Case
Attackers execute reconnaissance commands, disrupt camera functionality, or use the device as an entry point to the local network.
If Mitigated
With proper network segmentation and firewall rules, impact is limited to camera compromise without network lateral movement.
🎯 Exploit Status
Exploit requires sending a single HTTP request with crafted SSID parameter; no authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
No official patch available from vendor. Consider replacing affected devices with secure alternatives.
🔧 Temporary Workarounds
Network Segmentation
allIsolate camera on separate VLAN with strict firewall rules preventing external access and limiting internal communication.
Disable Remote Access
allDisable wifi connectivity and use only as wired device if possible, or ensure camera is not connected to internet-facing networks.
🧯 If You Can't Patch
- Replace affected cameras with secure alternatives from reputable vendors
- Implement strict network access controls and monitor for suspicious traffic to/from camera devices
🔍 How to Verify
Check if Vulnerable:
Send SETSSID command with ssid:;ping [local_ip] payload to camera IP and check for ICMP response.Check Version:
No standard version check command; check device firmware through web interface if available.Verify Fix Applied:
No official fix available; verify workarounds by testing that camera cannot be reached from untrusted networks.📡 Detection & Monitoring
Log Indicators:
- Unusual SETSSID commands
- Commands with semicolons in SSID field
- Multiple failed authentication attempts if logging enabled
Network Indicators:
- HTTP requests to camera with crafted SSID parameters
- Unusual outbound connections from camera
SIEM Query:
source_ip="camera_ip" AND (uri="*SETSSID*" OR user_agent="*ssid:*")