The default root user’s account is the only one with the correct shell enabled. Since the camera does not require knowledge of users’ old passwords when changing them, an attacker can wait for an appropriate time (while not in use) to change the root user’s account password through ...