CVE-2024-5095
📋 TL;DR
A denial-of-service vulnerability exists in the MQTT Packet Handler of Victor Zsviot Camera version 8.26.31. Attackers can remotely exploit this vulnerability to crash the camera service, disrupting video monitoring functionality. This affects users of the specific camera model with the vulnerable firmware.
💻 Affected Systems
- Victor Zsviot Camera
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Camera becomes completely unresponsive, requiring physical reboot or factory reset to restore functionality, causing extended surveillance downtime.
Likely Case
Camera service crashes temporarily, interrupting video feeds and recording until automatic or manual restart occurs.
If Mitigated
With network segmentation and access controls, impact is limited to isolated camera network segments with minimal operational disruption.
🎯 Exploit Status
Exploit details are publicly available in GitHub documentation. Attack requires network access to camera's MQTT service (typically port 1883).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available - vendor did not respond to disclosure
Restart Required: No
Instructions:
No official patch available. Monitor vendor website for firmware updates. Consider replacing with supported hardware if vendor remains unresponsive.
🔧 Temporary Workarounds
Network Segmentation
linuxIsolate camera network from untrusted networks and restrict MQTT port access
iptables -A INPUT -p tcp --dport 1883 -j DROP
iptables -A INPUT -p udp --dport 1883 -j DROP
Disable MQTT Service
allTurn off MQTT functionality if not required for camera operation
Check camera web interface: Settings > Network > MQTT > Disable
🧯 If You Can't Patch
- Implement strict network access controls to camera MQTT port (1883/TCP)
- Deploy network monitoring for abnormal MQTT traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check camera firmware version via web interface: Settings > About > Firmware Version. If version is 8.26.31, device is vulnerable.Check Version:
curl -s http://camera-ip/cgi-bin/version.cgi | grep FirmwareVerify Fix Applied:
Test MQTT service resilience by sending malformed MQTT packets to port 1883. If service remains stable, mitigation may be working.📡 Detection & Monitoring
Log Indicators:
- Camera service restart logs
- MQTT handler crash messages
- Abnormal disconnection events
Network Indicators:
- Malformed MQTT packets to port 1883
- High volume of MQTT connection attempts
- Unusual packet sizes in MQTT traffic
SIEM Query:
source="camera_logs" AND ("crash" OR "restart" OR "mqtt error") AND dest_port=1883🔗 References
- https://github.com/kzLiu2017/Tuya_Cam_CVE_Doc/blob/main/zsviot%20camera.pdf
- https://vuldb.com/?ctiid.265077
- https://vuldb.com/?id.265077
- https://vuldb.com/?submit.332461
- https://github.com/kzLiu2017/Tuya_Cam_CVE_Doc/blob/main/zsviot%20camera.pdf
- https://vuldb.com/?ctiid.265077
- https://vuldb.com/?id.265077
- https://vuldb.com/?submit.332461
