Security vulnerability in TRENDnet cameras – update now!

closeHey, just so you know ... this post is now about 2 years and 5 months old. Please keep that in mind as it very well may contain broken links and/or outdated information.

If you have a TRENDnet webcam that is accessible over the internet, a serious security vulnerability has been discovered that allows anyone to access the video stream without having to login/authenticate! I got an e-mail from TRENDnet about this earlier in the week, but not everyone registers their products so not everyone may be aware of the problem. Be sure to download the latest firmware update for your camera and apply it ASAP!

Dear Value Customer,

We are sending this email to inform you of a critical firmware update for your TRENDnet TV-IP121W A1.#R wireless IP camera. It has come to our attention that hackers may be able to gain unauthorized access to TRENDnet’s IP Camera video feeds online.

Should I upgrade the firmware?

Yes, all TV-IP121W (A1.#R) owners should upgrade the camera’s firmware to this firmware, v 1.1.1.35, or newer.

How can I upgrade the camera’s firmware?

Go to http://www.trendnet.com/downloads/list_subcategory.asp?SUBTYPE_ID=1341&SUBMIT=Go (or copy and paste the link to your web browser).

Click on Firmware to download the file, extract the file and then follow the instructions in the Firmware Upgrade Procedures PDF file to perform the upgrade.

The whole process should take less than 15 minutes to complete, not including reconfiguration of the camera.

The firmware upgrade requires resetting the camera to factory default.  All camera settings will revert back to their default values. Write down any important settings that you would like and apply them back to the camera after completing the firmware upgrade and factory reset.

Note: Please do not save the camera’s configuration file from the old firmware and restore it to the new firmware.

This is an automated email.  Please do not reply to this email. If you have questions or need assistance on performing the firmware upgrade, please contact our Technical Support hotline at the lower portion of this page http://www.trendnet.com/support/ or send email to ipcam@trendnet.com .

For more than 20 years, TRENDnet has built a reputation for offering trusted, security IP camera solutions to consumers worldwide. We have worked hard to create a brand delivering network solutions that people trust. We apologize for any inconvenience.

TRENDnet Technical Support Team
Torrance, California
USA

You can read TRENDnet’s press release here and Steve Gibson also mentioned this on episode #339 of his Security Now! podcast.

Luckily, my own cameras are currently protected since I use ZoneMinder (hence the camera links themselves are not directly accessible over the internet) but this bug means they were publicly accessible for the year before I switched (if anyone knew about it then). Wow.

Regardless, I went ahead and applied the firmware update to all of my cameras. Be sure to follow the instructions and factory reset your camera after applying the patch! If you don’t, the unauthenticated access is still exploitable (I tried it myself). Take a few screenshots of your current configuration before performing the factory reset, that way you can quickly re-configure the camera the way you had it.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>