CVE-2025-69986

LSC · Indoor Camera V7

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of the LSC Indoor Camera V7, allowing for potential remote code execution.

Executive summary

The LSC Indoor Camera V7 is vulnerable to a high-severity buffer overflow that could allow an unauthenticated attacker to compromise the device remotely.

Vulnerability

A buffer overflow vulnerability exists within the GetStreamUri function of the ONVIF implementation. An unauthenticated attacker can exploit this by sending a specially crafted ONVIF request to the device, leading to memory corruption.

Business impact

The impact of a buffer overflow on an IoT device is severe, often leading to full device takeover or persistent unauthorized access to video streams. With a CVSS score of 7.2, this vulnerability poses a high risk to physical security and privacy, potentially allowing attackers to pivot from the camera into the wider corporate or home network.

Remediation

Immediate Action: Update the camera firmware to the latest version provided by LSC to patch the vulnerable ONVIF function.

Proactive Monitoring: Monitor the network for anomalous ONVIF traffic originating from untrusted internal or external IP addresses.

Compensating Controls: Isolate IoT devices like the LSC Indoor Camera on a dedicated VLAN and restrict access to the ONVIF port (typically 80 or 8080) using network firewalls.
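
One way to implement the monitoring step above, as an added example that is not part of the original advisory or vendor code: it flags captured ONVIF GetStreamUri requests that come from outside a trusted recorder subnet, exceed a size baseline, or fail to parse. The subnet, the size threshold, the function names and the sample events are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Assumed values (not from the advisory): recorder subnet and size baseline.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/28")]
MAX_BODY_BYTES = 2048

def has_get_stream_uri(body):
    """True/False if the SOAP parses; None if it cannot be parsed safely."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None  # never feed DTDs from the wire to the parser
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    return any(el.tag.rsplit("}", 1)[-1] == "GetStreamUri" for el in root.iter())

def assess(src_ip, body):
    """Return the reasons a captured ONVIF POST deserves an alert."""
    parsed = has_get_stream_uri(body)
    if parsed is False or (parsed is None and b"GetStreamUri" not in body):
        return []  # some other ONVIF operation, out of scope here
    reasons = ["malformed-xml"] if parsed is None else []
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in TRUSTED_NETS):
        reasons.append("untrusted-source")
    if len(body) > MAX_BODY_BYTES:
        reasons.append("oversized-body")
    return reasons

def soap(op="GetStreamUri", filler=0):
    # Constructed sample; filler is whitespace that only inflates the size.
    return ('<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
            'xmlns:trt="http://www.onvif.org/ver10/media/wsdl">' + " " * filler
            + f'<s:Body><trt:{op}/></s:Body></s:Envelope>').encode()

# Constructed capture: (source IP, HTTP body) pairs from a sensor or proxy log.
EVENTS = [
    ("10.20.0.5", soap()),
    ("192.168.1.77", soap()),
    ("10.20.0.5", soap(filler=4000)),
    ("203.0.113.9", b"<s:Envelope><s:Body><trt:GetStreamUri>"),
    ("192.168.1.77", soap("GetProfiles")),
]

def scan(events):
    return [(src, r) for src, body in events if (r := assess(src, body))]

if __name__ == "__main__":
    print(scan(EVENTS))
```

The size baseline should be tuned against GetStreamUri requests from the recorders actually deployed, since the advisory does not state which part of the request triggers the overflow.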

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a significant privacy and security risk. It is strongly recommended to apply the firmware update immediately. If an update is unavailable, the device should be disconnected from the network or strictly firewalled to prevent unauthorized access to the vulnerable service.