A security researcher has found a slew of vulnerabilities in products made by Taiwanese electronics maker Avtech.
Gergely Eberhardt said in a blog post that, in the most serious of the flaws, an attacker could retrieve the plaintext-stored password of various Avtech products, including digital video recorders and internet-connected surveillance cameras. Among the 14 vulnerabilities, he also found unauthenticated command injection and information leakage flaws.
Eberhardt published proof-of-concept code alongside each vulnerability after three separate attempts to contact the company in almost a year went unanswered.
You probably think that bug-ridden surveillance cameras aren't a big deal -- but it's what hackers can do with those compromised devices that should have you concerned.
At the time of his post, Eberhardt said at least 130,000 Avtech devices appeared on Shodan, the search engine for open ports and Internet of Things devices. (The number was slightly lower when we checked, coming in at 120,757 devices as of Wednesday.)
But that's still a significant number of Internet of Things devices that are prime pickings for launching a powerful botnet, capable of bringing down sites and overloading networks.