CVE-2020-37146

ACE Security · WiP-90113 HD Camera

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability. Unauthenticated attackers can remotely retrieve sensitive configuration files from the device.

Executive summary

The ACE Security WiP-90113 HD Camera is vulnerable to an unauthenticated configuration disclosure flaw that allows attackers to steal sensitive device information.

Vulnerability

This vulnerability is a configuration disclosure flaw that allows an unauthenticated, remote attacker to retrieve sensitive configuration files. The lack of proper access controls on the device's web interface enables the extraction of critical system settings.

Business impact

The exposure of configuration files represents a critical privacy and security breach. Attackers can use the extracted data to gain deeper access to the camera, potentially viewing live feeds or using the device as a pivot point into the local network. With a CVSS score of 7.5, this vulnerability threatens the physical security and data privacy of the environment where the camera is deployed.

Remediation

Immediate Action: Apply the latest firmware update from ACE Security to address the insecure configuration endpoint.

Proactive Monitoring: Inspect network traffic for unauthorized HTTP requests targeting configuration paths on IoT camera devices.

Compensating Controls: Place IP cameras on a segmented VLAN with no direct access to the internet and implement strict firewall rules to block unauthorized inbound traffic.
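For the Proactive Monitoring item above, the following is an added example (not ACE Security's or the advisory's own code) that scans HTTP request records for configuration-file fetches aimed at camera addresses. The camera subnet, the management host, the log layout and the path pattern are all assumptions to be replaced with site values; the advisory does not name the affected path.

```python
import ipaddress
import re

# Site-specific assumptions, not values from the advisory.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")   # segmented camera VLAN
ADMIN_HOSTS = {ipaddress.ip_address("10.20.1.5")}    # allowed management host
# Placeholder pattern: the advisory does not name the affected path.
CONFIG_PATH = re.compile(
    r"/[^/]*(config|backup|settings)[^/]*\.(bin|cfg|conf|ini|dat|xml)$", re.I)

# Constructed sample records: ts src dst method uri status bytes auth_user
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.20.1.5 10.20.30.11 GET /config/backup.cfg 200 4096 admin
2024-05-01T10:02:13Z 192.0.2.44 10.20.30.11 GET /config/backup.cfg?x=1 200 4096 -
2024-05-01T10:02:20Z 192.0.2.44 10.20.30.12 GET /settings.ini 401 0 -
2024-05-01T10:03:00Z 10.20.1.77 10.20.30.11 GET /live/stream.m3u8 200 900 viewer
2024-05-01T10:04:00Z 192.0.2.44 10.50.0.9 GET /config/backup.cfg 200 100 -
garbage line
""".splitlines()


def suspicious_requests(lines):
    """Return (severity, src, dst, path) for config fetches that look unauthorized."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 8:
            continue  # malformed record
        _ts, src, dst, _method, uri, status, size, user = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            status, size = int(status), int(size)
        except ValueError:
            continue
        path = uri.split("?", 1)[0]  # ignore the query string when matching
        if dst_ip not in CAMERA_NET or not CONFIG_PATH.search(path):
            continue
        if src_ip in ADMIN_HOSTS and user != "-":
            continue  # authenticated request from the management host
        # A 200 with a body means the device actually returned data.
        severity = "disclosed" if status == 200 and size > 0 else "probe"
        findings.append((severity, src, dst, path))
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(*finding)
```

A "disclosed" finding means the camera answered with content and its credentials and settings should be treated as exposed; a "probe" finding means the request was seen but the device did not return a body.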

Exploitation status

Public Exploit Available: false

Analyst recommendation

The ability for unauthenticated users to pull sensitive configuration data is a major security failure. Administrators must ensure that all ACE Security WiP-90113 cameras are updated immediately and isolated from public-facing networks to mitigate the risk of unauthorized surveillance or network intrusion.