Security > miscellaneous – Vivotek FD9388-HTV 5MP Outdoor Network Dome Camera with Night Vision User Manual

VIVOTEK

User's Manual - 115

Security > Miscellaneous

The embedded TrendMicro utitlity provides the protection against Cross-Site Request

Forgery. Cross-site request forgery is also known as one-click attack or session riding and

is abbreviated as CSRF. CSRF is a type of malicious exploit of a website, in this case, the

camera. Unauthorized commands are transmitted from a user that the web application

trusts, using the mechanism of forging a trusted user's own request with a request

containing his own cookies, etc. Different ways can be used for a malicious website to

transmit such commands. They can be specially-crafted image tags, hidden forms, and

JavaScript XMLHttpRequests. The malicious attack can occur without users' interaction or

even knowing it.