Hacking into security cameras | CVE-2020-25078
Finding open security or public cameras on internet is an easy task, by using google dorks.
Below are some google dorks to find public cameras
inurl:currenttime inurl:top.htm
inurl:/view.shtml
inurl:"lvappl.htm"
inurl:”CgiStart?page=”
inurl:/view.shtml
intitle:”Live View/ — AXIS”
inurl:iview/view.shtml
inurl:ViewerFrame?M0de=
inurl:ViewerFrame?M0de=Refresh
inurl:axis-cgi/jpg
inurl:/live.htm intext:"M-JPEG"|"System Log"|"Camera-1"|"View Control"
intitle:"IP CAMERA Viewer" intext:"setting | Client setting"
Some public cameras using google dorks
CVE-2020-25078 Detail
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.