Security News > 2023 > March > Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom

Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom
2023-03-13 07:36

More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox.

"The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up.

Akuvox E11 is described by the company on its website as a "SIP video doorphone specially designed for villas, houses, and apartments."

A majority of the 13 security issues remain unpatched to date, with the industrial and IoT security company noting that Akuvox has since addressed the FTP server permissions issue by disabling the "The ability to list its content so malicious actors could not enumerate files anymore."

The findings have also prompted the U.S. Cybersecurity and Infrastructure Security Agency to release an Industrial Control Systems advisory of its own last week.

It's also advised to change the default password used to secure the web interface and "Segment and isolate the Akuvox device from the rest of the enterprise network" to prevent lateral movement attacks.


News URL

https://thehackernews.com/2023/03/researchers-uncover-over-dozen-security.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Akuvox 3 0 2 7 8 17
Intercom 2 0 1 2 3 6