This important alert is concerning certain systems and devices leveraging communications software known as “gSOAP” from Genivia, Inc., that may be vulnerable to a bug that can be remotely exploited to gain control of an affected system or cause a denial of service attack.

Certain systems and devices leveraging communications software known as “gSOAP” from Genivia, Inc. may be vulnerable to a bug that can be remotely exploited to gain control of an affected system or cause a denial of service attack. This vulnerability is commonly known as “Devil’s Ivy.” The most current information can be found at the NIST Website.

Manufacturers of network cameras and other [primarily] Linux-based devices that use this software are in the process of identifying affected products and releasing patches.

It is important to check with the manufacturer(s) of affected and suspect systems directly, and apply updates per their recommendations. As of the date of this post, Vector is aware of statements from the following manufacturers:

  • Arecont: Not affected
  • Avigilon: Affected. Patches released.
  • Axis: Affected. Patches released.
  • Bosch: Not affected
  • Exacq: Affected. Patches pending.
  • Ganz: Not affected
  • Genetec: Not affected
  • Hanwha: Not vulnerable
  • Hikvision: Not affected
  • Milestone: Affected. Patches pending.
  • Panasonic: Not affected
  • Pelco: Not vulnerable
  • Vivotek: Not affected

Vector Security is available to assist with patching or upgrading systems. For details, or to schedule a service appointment, please contact your local representative or our corporate office.