Multiple Trendnet Camera products are prone to a remote security- bypass vulnerability.

Successfully exploiting this issue will allow remote attackers to gain access to a live stream from the camera.

Vendor updates are available.

On vulnerable devices it is possible to access the livestream without any authentication by requesting http://<ip-of camera>/anony/mjpg.cgi.

Trendnet TV-VS1P V1.0R 0 Trendnet TV-VS1 1.0R 0 Trendnet TV-IP422WN V1.0R 0 Trendnet TV-IP422W A1.0R 0 Trendnet TV-IP422 A1.0R 0 Trendnet TV-IP410WN 1.0R 0 Trendnet TV-IP410W A1.0R 0 Trendnet TV-IP410 A1.0R 0 Trendnet TV-IP322P 1.0R 0 Trendnet TV-IP312WN 1.0R 0 Trendnet TV-IP312W A1.0R 0 Trendnet TV-IP312 A1.0R 0 Trendnet TV-IP252P B1.xR 0 Trendnet TV-IP212W A1.0R 0 Trendnet TV-IP212 A1.0R 0 Trendnet TV-IP121WN v2.0R 0 Trendnet TV-IP121WN 1.0R 0 Trendnet TV-IP121W A1.0R 0 Trendnet TV-IP110WN 2.0R 0 Trendnet TV-IP110WN 1.0R Trendnet TV-IP110W A1.0R 0 Trendnet TV-IP110 A1.0R 0

Test if it is possible to access /anony/mjpg.cgi without authentication

• http://console-cowboys.blogspot.com.au/2012/01/trendnet-cameras-i-always-feel-like.html
• http://www.securityfocus.com/bid/51922
• http://www.trendnet.com/press/view.asp?id=1959
• http://www.trendnet.com/products/proddetail.asp?prod=145_TV-IP110W

---

Updated on 2015-03-25