LSC Smart Connect Indoor PTZ Camera Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the LSC Smart Connect Indoor PTZ Camera, in versions through 7.6.32. The issue is in the 'tuya_ipc_direct_connect' function of the 'anyka_ipc' process, where improper input validation allows arbitrary code execution. Exploitation occurs during the Wi-Fi configuration process, when the camera scans a specially crafted QR code.

Impact

Exploitation of this vulnerability allows for remote arbitrary code execution on the affected camera.

Reproduction

To reproduce this vulnerability, generate a QR code that includes malicious payloads in the Wi-Fi password field. Once the QR code is created, present it to the camera during its Wi-Fi setup process. The camera will scan the QR code and execute the embedded commands, such as creating a file in the '/tmp' directory.

Remediation

Users are advised to disable the QR code Wi-Fi configuration feature until an official patch is released. Additionally, firmware updates should be applied as they become available from the manufacturer.
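
For firmware developers, the following is an added example (not LSC or Tuya code; all function names are hypothetical) of handling a QR-supplied Wi-Fi passphrase, assuming the value is later placed on a shell command line, which this advisory does not confirm. It shows that a passphrase meeting the WPA2 length and character rules can still contain shell metacharacters, so validation has to be paired with quoting; passing the value as a separate argv element to exec without a shell is preferable where the design allows it.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; hypothetical helper names, not the camera's firmware code. */

/* WPA2 passphrase rule: 8..63 printable ASCII characters (0x20..0x7E). */
int wifi_passphrase_valid(const char *s)
{
    size_t n = strlen(s);
    if (n < 8 || n > 63)
        return 0;
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)s[i] < 0x20 || (unsigned char)s[i] > 0x7E)
            return 0;
    return 1;
}

/* POSIX single-quoting: inside '...' the shell expands nothing, and each
 * embedded ' becomes '\''. Returns quoted length, or -1 if out is too small. */
int sh_single_quote(const char *in, char *out, size_t cap)
{
    size_t o = 0;
    if (cap < 3)
        return -1;
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > cap)          /* keep room for closing quote and NUL */
            return -1;
        if (*in == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}

/* Validate first, then quote. Returns -1 for anything that is rejected. */
int prepare_wifi_passphrase(const char *pw, char *out, size_t cap)
{
    return wifi_passphrase_valid(pw) ? sh_single_quote(pw, out, cap) : -1;
}

int main(void)
{
    /* Constructed sample: a legal passphrase containing shell metacharacters. */
    char quoted[4 * 63 + 3];
    if (prepare_wifi_passphrase("a;b$(c)'d", quoted, sizeof quoted) > 0)
        printf("%s\n", quoted);
    return 0;
}
```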

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.