A few years ago, in November 2014, I started to audit my Wanscam JW0004, and found a few interesting vulnerabilities.
I was concerned about the security flaws already found and I knew I would find more if time allowed. Other researchers found more, and if you want to see how unauthenticated code exec can be done, how to abuse the cloud protocol, you can read the links below:
- SSD Advisory . Over 100K IoT Cameras Vulnerable to Source Disclosure
- Multiple vulnerabilities found in Wireless IP Camera
- Satori Adds Known Exploit Chain to Enslave Wireless IP Cameras
To conclude, if you bought a Chinese WiFi Webcam, unplug it or put it behind a dedicated firewall :/
There are comments.