Moxa VPort 06EC-2V Series IP Cameras Vulnerabilities
Low Risk · Mar 16, 2021
Summary
Moxa VPort 06EC-2V Series IP Cameras contain multiple vulnerabilities:
1. NULL Pointer Dereference (CVE-2021-25845): The device accepts authentication cookies consisting of only digits, allowing an attacker to brute force the authentication mechanism and bypass login controls to access device functions.
2. Integer Underflow (CVE-2021-25846, CVE-2021-25849): Attackers can craft malicious HTTP requests to cause the device to become unavailable.
3. Out-of-Bounds Read (CVE-2021-25847, CVE-2021-25848): Attackers can modify HTTP request elements to read sensitive information from the device or cause it to crash.
What this means
What could happen
An attacker could bypass authentication on the VPort cameras and either disrupt video surveillance operations or access sensitive configuration data, potentially revealing network topology or security settings.
Who's at risk
Facility operators managing IP-based video surveillance systems should be concerned, particularly those using Moxa VPort 06EC-2V cameras in critical infrastructure (water treatment, electric substations, wastewater facilities). Any camera directly accessible from your plant network is at risk of being disabled or compromised for reconnaissance.
How it could be exploited
An attacker on your network (or with access to the camera's IP address) can send crafted HTTP requests with modified parameters to trigger integer underflow or out-of-bounds read conditions. Alternatively, the attacker can brute force the authentication cookie since it accepts only numeric values, gaining unauthorized access to camera functions and configuration without valid credentials.
Prerequisites
- Network access to the VPort 06EC-2V camera's HTTP interface (typically port 80 or 443)
- No valid credentials required for authentication bypass or denial-of-service attacks
remotely exploitable · no authentication required · affects safety/surveillance systems · no patch available
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| VPort 06EC-2V | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to VPort 06EC-2V cameras using firewall rules; allow HTTP/HTTPS access only from authorized management workstations or video management systems, not from general plant network segments
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Isolate VPort 06EC-2V cameras on a dedicated, segmented network (DMZ or separate VLAN) separate from critical control systems and workstations
- HARDENING: Monitor camera access logs and network traffic to the cameras for unusual HTTP requests or failed authentication attempts; set alerts if the device becomes unreachable
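One way to apply the monitoring item above to the digit-only cookie weakness, as an added example (not Moxa's code and not part of the original advisory): it flags any source that presents many distinct numeric cookie values to a camera within a short window. The log format, the 60-second window and the threshold of 5 are assumptions; adapt the parser to whatever your proxy or IDS actually records.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed, not a Moxa format):
#   <ISO-8601 timestamp> <client IP> cookie=<value sent to the camera>
LINE_RE = re.compile(r"^(\S+) (\S+) cookie=(\S*)$")
DIGITS_ONLY = re.compile(r"[0-9]+")

def parse(lines):
    """Yield (timestamp, client_ip, cookie) and skip lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def find_cookie_guessing(lines, window=timedelta(seconds=60), max_distinct=5):
    """Return {client_ip: peak distinct numeric cookies seen inside one window}
    for every client that exceeded max_distinct. Input must be time-ordered."""
    recent = defaultdict(list)   # client_ip -> [(timestamp, cookie), ...]
    flagged = {}
    for ts, ip, cookie in parse(lines):
        if not DIGITS_ONLY.fullmatch(cookie):
            continue             # only the digit-only cookie form is of interest
        events = recent[ip]
        events.append((ts, cookie))
        while ts - events[0][0] > window:
            events.pop(0)        # expire requests older than the window
        distinct = len({c for _, c in events})
        if distinct > max_distinct:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

# Constructed sample: a management workstation reusing one session cookie,
# then another host cycling through eight different values in eight seconds.
SAMPLE = (
    [f"2021-03-16T10:00:{s:02d} 10.20.0.5 cookie=48213377" for s in range(0, 50, 10)]
    + [f"2021-03-16T10:01:{s:02d} 10.20.7.99 cookie={1000 + s}" for s in range(8)]
)

if __name__ == "__main__":
    for ip, count in find_cookie_guessing(SAMPLE).items():
        print(f"ALERT {ip}: {count} distinct numeric cookies within 60s")
```

A source that spaces its attempts wider than the window is not caught by this check, so pair it with a longer-window count or with the network restrictions listed above.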
Mitigations - no patch available
VPort 06EC-2V has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Consider replacing end-of-life VPort 06EC-2V cameras with current models that have vendor support and security patching