Ah, the internet of things. Slap in wired or wireless network access to the control systems of anyting and things suddenly qualify as IoT.
There has been detected a security camera flaw involving stack buffer overflow vulnerability being dubbed "Devil's Ivy" which the common name for Epipremnum aureum, a species of flowering plant of the family Araceae.
It is native to French Polynesia and is so-named because it is practically impossible to kill.
It was named by the company which identified the flaw, Senrio, a firm with concerns in embedded device security.
This problm exists in gSOAP, which is a toolkit for SOAP/XML web services which is used as a "zero overhead" code generator for serialized XML.
gSOAP is a C and C++ software development toolkit for SOAP/XML web services and generic XML data bindings. If unpatched, it can provide a path to bypass security mechanisms for exploits and should be the cause for audits which may assist in problem determination.
The gSOAP tools generate efficient sources for XML serialization in C/C++ data.
It is commercially available through a company namned Genivia. They issued a new patch for gSOAP within 24 hours of being alerted to the issue — which is pretty doggone good compared to others in the operating system industry ... eh, Redmond ?!
The primary problem is the wide spread scope which is formidable given the vast array of software and hardware concerns implementing the product and those associated product lines themselves.
I'm thinking that my camera array is sufficiently locked down by the server to preclude any direct access antics. After all, penetration of a firewall should at least catch the logs attention ... but we'll just have to monitor, adjust, and HOPE !