Anyone can listen to the camera s audio over the internet, without authentication. The bug (CVE-2019 3948) exists in the firmware of the Amcrest IP2M-841B IP home security video camera. The camera is based on OEM code from another vendor, Dahua, which the U.S. is considering blacklisting over espionage concerns. Other cameras that white-label the same Dahua camera may also be vulnerable, researcher Jacob Baines said.
Source: https://threatpost.com/trivial-bug-turns-home-security-cameras-into-listening-posts/146835/