PORT 23 TELNET OPEN WITH ROOT ACCESS.
If your setup was plug and play without having to port forward there is a big chance that the camera requested it’s ports to be opened up to the router. So automagically port 23 with root access, and 554 rtsp and 5000 would be open to the web. With all the random scans I get on an average day this camera wouldn’t go unnoticed very long.
So what about port 23 and telnet? Connecting to the root, would mean giving full control to anyone who can access the camera. This will require more research on my end maybe a part 3 is in order
This is an interesting read
Login in the DIGOO BB-M1X with a TELNET ios app reveals, not a lot yet
So, I tried to enter a generic command to get this:
BusyBox v1.21.0 well this is interesting a quick search reveals https://www.busybox.net/
More commands at https://www.busybox.net/downloads/BusyBox.html
PROBLEM 2: Got control? Where is ONVIF? I can’t get PTZ controls in Hassio. Apps are a pain to set up with this camera.
This leads nicely into another problem I am having with this camera.
PROBLEM 3: A few days ago I noticed the Digoo BB-M1X ip camera kept resetting its clock. As I just bought it I was thinking that my network setup was the problem and or the camera was broken.
I was going to allow local NTP access on port 123 but when checking the pfsense logs I didn’t see any access attempt records to the NTP server. (even when while still blocking internet access, I gave it access to my DNS server)
A few days in a row this happened.
I had previously assumed it was due to overloading the minuscule breaker capacity of this old leaning house. But alas I saw the time reset usually about 24 hours after I set it last. I am under the assumption now that it’s due to my complete restriction to allow it to communicate to any outside servers.
If it wont access a local NTP server then it’s probably trying to connect to a pre-programmed one within the IP addresses it tries to reach out to.
More poking around is required.
Where’s problem 3? Resolution to Problem 2? Closure? Not yet.
For the moment this camera is as secure as possible behind my firewall. One thing at a time.