OTPulse
FeedAboutContact

ABUS TVIP

Act Now7.2ICS-CERT ICSA-23-187-02Jul 6, 2023
Attack VectorNetwork
Auth RequiredHigh
ComplexityLow
User InteractionNone needed
Summary

ABUS TVIP cameras (models 20000-21150) contain a vulnerability that allows arbitrary file reads or remote code execution. The vulnerability requires administrative credentials or high privilege access but has low attack complexity and is exploitable remotely. Public exploits are actively available. ABUS does not plan to patch these end-of-life models and instead recommends replacement with newer models such as TVIP82561.

What this means
What could happen
An attacker could read arbitrary files from the camera's storage or execute commands on the device, potentially compromising video feeds, accessing stored credentials, or using the device to pivot deeper into the network.
Who's at risk
Video surveillance operators and facility managers using ABUS TVIP 20000-21150 network cameras in water utilities, electric utilities, or other critical infrastructure. This affects any IP-based video monitoring systems that may be internet-exposed or accessible from untrusted networks.
How it could be exploited
An attacker with administrative (high privilege) credentials or access to the device's network interface can send specially crafted requests to the camera to read files or execute commands. Public exploits are available for this vulnerability, making exploitation straightforward for attackers with network access.
Prerequisites
  • Network access to the TVIP camera device (HTTP/HTTPS port)
  • Administrative-level credentials or high privilege access to the device
  • Camera must be reachable on the network
remotely exploitablepublicly available exploitslow complexityhigh EPSS score (37.2%)no patch availablehigh privilege credentials required
Exploitability
High exploit probability (EPSS 37.2%)
Affected products (1)
ProductAffected VersionsFix Status
TVIP: 20000-2115020000-21150No fix yet
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict network access to TVIP cameras by implementing firewall rules to block unnecessary inbound connections and isolate cameras from the business network
HARDENINGDisable remote access to TVIP cameras or require VPN for any remote administration; ensure the VPN solution itself is kept current with security updates
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXReplace ABUS TVIP 20000-21150 cameras with newer models such as TVIP82561
Long-term hardening
0/1
HARDENINGSegment TVIP cameras and other surveillance systems onto an isolated network with restricted access from administrative workstations and the internet
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/af82edee-f3ef-4f50-a23a-e6d6b2f50b6d
ABUS TVIP | CVSS 7.2 - OTPulse