Nozomi Networks Labs recently identified vulnerabilities in Inaba Denki Sangyo’s CHOCO TEI WATCHER mini (IB-MCT001) camera that enable attackers to remotely access live footage and disrupt stoppage recordings. Prevalent in Japanese production facilities, these cameras are used for analyzing production halts. The vulnerabilities remain unpatched, and without a vendor fix, organizations must implement the available mitigations to manage the threat.
“The assessment uncovered four vulnerabilities that pose serious risks, such as the remote extraction of plaintext credentials, or the possibility to bypass authentication and send direct requests to sensitive API endpoints (forced browsing),” Nozomi researchers revealed in a blog post this week. “These flaws enable various attacks, allowing an unauthenticated attacker to remotely and secretly access live footage for surveillance or disrupt the recording of production line stoppages, preventing the capture of critical moments.”
Unfortunately, the vendor was able to provide only mitigations, not patches, so the identified vulnerabilities remain unaddressed at the time of the release.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted in an advisory this week that Andrea Palanca of Nozomi Networks reported these vulnerabilities to Inaba Denki Sangyo and CISA.
In the advisory to the critical infrastructure sector, Inaba Denki Sangyo recommended that users deploy the product within a LAN and block access from untrusted networks and hosts through firewalls. Users should also use a firewall, virtual private network (VPN), or similar measure to prevent unauthorized access when Internet access is required, restrict Internet access to a minimum, and restrict operation of the product (including use and handling of its microSD cards) to authorized users.
Nozomi mentioned that identifying and addressing production line stoppages is key to efficiency, minimizing downtime, and maintaining productivity. Since unplanned halts cause financial losses, supply disruptions, and quality issues, understanding their cause and preventing recurrence is essential.
“The CHOCO TEI WATCHER mini (IB-MCT001) is a compact monitoring device developed to analyze brief production interruptions, commonly referred to as ‘choco tei,’ in manufacturing environments,” the post said. “By capturing and visualizing these production stoppages, the device helps identify underlying causes and supports targeted process improvements. The device is designed for installation in confined spaces or within machinery, enabling comprehensive monitoring of various production areas. When a ‘stop’ signal from the production line is detected, the CHOCO TEI WATCHER mini automatically starts recording before and continues after the event, providing valuable insight for root-cause analysis.”
It added that the primary interface for interacting with the CHOCO TEI WATCHER mini is the CHOCO TEI VIEWER, a browser-based application that facilitates remote device management and monitoring over a network connection. “This web interface enables users to configure system, camera, and network settings without the need for specialized software. Users can view real-time video feeds, review stored footage, and download video files in Full HD resolution for detailed analysis. To ensure security, access to the viewer and configuration settings can be protected with customizable password options.”
The vulnerabilities in the CHOCO TEI WATCHER mini introduce serious security risks that could allow an unauthenticated attacker to bypass the login process and obtain full control of the device.
Nozomi researchers identified potential attack scenarios. These include covert surveillance of production lines and disruption of stoppage recordings.
In the covert surveillance scenario, Nozomi noted that because the issues allow unauthorized access to the device, an attacker could remotely and covertly monitor live camera feeds, including video and audio. This could facilitate industrial espionage, allowing competitors or malicious actors to spy on proprietary manufacturing processes and gain insights into workflow optimizations, specialized machinery usage, or product assembly techniques. Additionally, it raises privacy concerns, as employees could be unknowingly monitored. Finally, attackers could analyze security weaknesses, such as unattended machinery or shift changes, to plan further actions.
Addressing the disruption of stoppage recordings, Nozomi found that the forced browsing vulnerability enables an attacker to manipulate or delete recorded footage, particularly the automatically captured video triggered by production line stoppages. “This could result in the loss of critical diagnostic footage, making it difficult to analyze and resolve operational inefficiencies, leading to prolonged downtime and increased costs. In industries that require stoppage recordings for quality control or regulatory compliance, missing or altered footage could result in production recalls. Additionally, a malicious insider could erase or modify footage to conceal intentional disruptions, equipment failures, or workplace incidents without being detected.”
Nozomi assesses that such attacks can be executed remotely without requiring authentication, prior access, or user interaction. “An attacker does not need valid credentials or administrative privileges—only the ability to exchange network packets with the device over a network. This means that if the CHOCO TEI WATCHER mini is exposed to the internet or accessible from an internal network, it becomes an easy target for exploitation.”
Nozomi called upon organizations using the CHOCO TEI WATCHER mini (IB-MCT001) camera to take proactive steps to mitigate the risks associated with these security flaws. The researchers put forward a couple of remediations to help protect existing installations.
Since most vulnerabilities can be exploited remotely by unauthenticated attackers, organizations should restrict and monitor network access to the device’s management web application, ensuring only trusted users can connect. Placing the device on a secured, isolated network and implementing strict firewall rules will help block unauthorized access. If remote access is necessary, it should be limited to verified users via VPN and strong authentication. Enabling logging and intrusion detection can further help detect and respond to unauthorized access attempts.
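As an added illustration of the monitoring step described above (not code from Nozomi, CISA or the vendor), the following script audits firewall flow records for connections to camera addresses that originate outside a management allowlist, separating flows the firewall permitted (a gap in the rules) from flows it blocked. The addresses, port, subnets and log format are all assumptions constructed for the example.

```python
import ipaddress
from collections import Counter

# Every address, port and log line here is constructed for illustration.
CAMERAS = {ipaddress.ip_address(a) for a in ("10.20.30.11", "10.20.30.12")}
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.99.0/28")]  # assumed VPN/jump-host subnet
SITE_NETS = [ipaddress.ip_network("10.0.0.0/8")]          # assumed internal address space

# Assumed log format: timestamp, source, destination, destination port, action
SAMPLE_LOG = """\
2025-04-01T08:00:01Z 10.20.99.5 10.20.30.11 80 ALLOW
2025-04-01T08:03:17Z 10.20.40.77 10.20.30.11 80 ALLOW
2025-04-01T08:03:19Z 10.20.40.77 10.20.30.12 80 ALLOW
2025-04-01T09:12:44Z 203.0.113.50 10.20.30.11 80 DENY
2025-04-01T09:20:00Z 10.20.40.77 10.20.50.9 443 ALLOW
malformed line
"""

def classify(src):
    # Place a source address in one of three trust zones.
    if any(src in net for net in MGMT_ALLOWLIST):
        return "trusted"
    if any(src in net for net in SITE_NETS):
        return "internal-untrusted"
    return "external"

def audit(log_text):
    """Return one finding per camera-bound flow from a non-allowlisted source."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of crashing
        ts, src_s, dst_s, dport, action = parts
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(dport)
        except ValueError:
            continue
        zone = classify(src)
        if dst not in CAMERAS or zone == "trusted":
            continue
        # ALLOW means the firewall let the flow through: the rule set has a gap.
        kind = "rule-gap" if action == "ALLOW" else "blocked-attempt"
        findings.append({"time": ts, "src": src_s, "dst": dst_s,
                         "port": port, "zone": zone, "kind": kind})
    return findings

def summarize(findings):
    # Count findings per (source, kind) so repeated sources stand out.
    return Counter((f["src"], f["kind"]) for f in findings)
```

A "rule-gap" finding from an internal host matters as much as an external one here, since the flaws are reachable from any network position that can exchange packets with the device.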
The Nozomi researchers also noted that CVE-2025-24852 requires physical access to the microSD card used by the device. To mitigate the risk of physical exploitation, the device should be installed in a secure, restricted area accessible only to authorized personnel. Since the microSD card cannot be encrypted, it should be physically secured to prevent unauthorized removal or tampering. Regular inspections can help ensure that the device and its storage remain intact and uncompromised.