Author: Cyberthreat Blog

Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.

Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.

Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.

iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.