A pair of U.K. researchers demonstrated how you can exploit cross-site-scripting vulnerabilities in a Web-based video surveillance system’s software to control what it plays back. The Axis 2100 camera is no longer supported by the vendor, although it’s still widely installed in many organizations, according to the researchers. They argue in their white paper that despite this, and the fact that Axis has patched some of the bugs, the flaws are likely widespread. The researchers say this could be accomplished by launching a denial-of-service attack or some sort of social engineering ploy.”]
Source: https://www.darkreading.com/analytics/turning-the-surveillance-camera-around