Stealing the Password
Any time you log in to a networked device, the user information should be encrypted or protected by some standardized process. While the impact of losing the credential data to an attacker might seem minimal when dealing with a printer or some other passive device, the fact that this camera is running BusyBox Linux means an attacker can cause all kinds of problems should he gain access to the file system of the camera. Unfortunately, the user/password information is only protected by Base64 encoding, which can quickly be decoded via a script or even online. To compound this problem, if the wireless network is not encrypted, anyone with a sniffer can also see this data and remotely log in.
The end result is that an attacker could take advantage of the scripting features of the camera and turn the camera into his own attack launch platform, as we will illustrate later in this article.