Security > miscellaneous – Vivotek SD9161-H-v2 2MP PTZ Network Dome Camera User Manual

VIVOTEK

130 - User's Manual

Security > Miscellaneous

The embedded TrendMicro utitlity provides the protection against Cross-Site Request

Forgery. Cross-site request forgery is also known as one-click attack or session riding and is

abbreviated as CSRF. CSRF is a type of malicious exploit of a website, in this case, the camera.

Unauthorized commands are transmitted from a user that the web application trusts, using the

mechanism of forging a trusted user's own request with a request containing his own cookies,

etc. Different ways can be used for a malicious website to transmit such commands. They can

be specially-crafted image tags, hidden forms, and JavaScript XMLHttpRequests. The malicious

attack can occur without users' interaction or even knowing it.