A Maryland cybersecurity company said it found a vulnerability in surveillance software that could allow criminals to spy on and alter video surveillance feeds.
Tenable Inc., of Columbia, announced Monday that its research team found the exploit, which it called “Peekaboo”, in some versions of software on the NVRMini2, is a network-attached storage device and network video recorder made by NUUO.
Cybercriminals using the exploit could learn the access credentials for all video surveillance cameras attached to the affected video recorder, Tenable said in a news release.
The company said it informed NUUO of the vulnerability in accordance with its published policy. NUUO told Tenable it is working on a fix for the vulnerability, the company said.
Tenable has released a plugin to assess whether organizations are vulnerable to Peekaboo.