Vulnerability CVE-2022-34534
Nx has been flagged with the CVE-2022-34534 vulnerability at present. How should I address this issue?
Detected API endpoint: http://127.0.0.1:7001/api/moduleInformation
-
Hi Tome,
Thank you for reaching out and sharing these details with us. We want to clarify that CVE-2022-34534 is a vulnerability report primarily associated with the firmware of 3rd party IP cameras (which are discontinued if I'm not mistaken), rather than an inherent exploit in our VMS software codebase.
Regarding the specific report you referenced, only lines 1 through 4 apply to our software:
Information Disclosure: 1. API call displays internal paths, IPs, OS version and architecture. http://<SERVER IP>:7001/api/moduleInformation
The rest of the CVE report involves separate cgi-bin paths and vulnerabilities that belong strictly to the camera application firmware, not our VMS software. Also, over time, the disclosed information has been reduced.
The /api/moduleInformation endpoint is unauthenticated by design because it handles system auto-discovery and connectivity functions, allowing Desktop Clients to discover and list active systems on a local network. While it does disclose system metadata, this disclosure cannot be used on its own to exploit or gain unauthorized control of the server. Knowing a System ID or internal IP does not grant a malicious actor access to the system.
To protect your internal metadata from internet-wide scanning, we strongly recommend implementing standard network hardening practices:
- Avoid Public Port Forwarding: Do not map port 7001 directly to a public IP address.
- Utilize Cloud Connections: Connect the system via our secure Cloud layer, which uses secure outbound tunneling and completely eliminates the need to open or forward incoming ports on your firewall.
- Restrict Traffic (Firewall ACLs): If port 7001 must be exposed, configure your router or firewall to only accept traffic from explicit, trusted source IP addresses.
- Use a VPN: Require remote clients to connect via a secure VPN tunnel before they can communicate with the server.
Best regards.
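One way to verify that the firewall ACL recommendation above is actually holding, as an added example that is not part of the original thread or of the vendor's software: scan the server's access log for requests to /api/moduleInformation that arrive from source addresses outside the trusted ranges. The log format, the trusted networks and the sample log lines are all constructed assumptions for this example.

```python
import ipaddress
import re
from collections import Counter

# Trusted source ranges from the firewall ACL (assumed example values).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24")]

# Assumed, simplified access-log format: "<client_ip> <method> <path> <status>".
LOG_RE = re.compile(r"^(?P<ip>\S+)\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+(?P<status>\d{3})$")

# Unauthenticated discovery endpoint discussed in the thread.
WATCHED_PATHS = ("/api/moduleInformation",)


def is_trusted(ip_text):
    """True when the address falls inside one of the ACL's trusted networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable source field is never treated as trusted
    return any(ip in net for net in TRUSTED_NETWORKS)


def find_untrusted_hits(lines):
    """Return (ip, path, status) for watched-endpoint requests from outside the ACL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path in WATCHED_PATHS and not is_trusted(m["ip"]):
            hits.append((m["ip"], path, int(m["status"])))
    return hits


def summarize(hits):
    """Count untrusted requests per source; repeated hits indicate the port is reachable from outside."""
    return Counter(ip for ip, _, _ in hits)


# Constructed sample log (not real traffic); documentation ranges are used for the outside addresses.
SAMPLE_LOG = """\
192.168.1.20 GET /api/moduleInformation 200
203.0.113.7 GET /api/moduleInformation 200
10.4.2.9 GET /api/moduleInformation?_=123 200
198.51.100.42 GET /api/moduleInformation 200
198.51.100.42 GET /api/moduleInformation 200
203.0.113.7 GET /ec2/getCameras 401
garbage line
""".splitlines()

if __name__ == "__main__":
    for ip, count in summarize(find_untrusted_hits(SAMPLE_LOG)).most_common():
        print(f"{ip}: {count} moduleInformation request(s) from outside the ACL")
```

Any output at all means port 7001 is answering sources the ACL should have dropped, so the firewall rule rather than the endpoint is what needs fixing.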