AI Thinker ESP32-CAM Module
From Wiki-IoT
Revision as of 02:16, 12 October 2025 by Jeandecian (talk | contribs) (Jeandecian moved page ESP32-CAM Module (Generic AI-Thinker Board) to AI Thinker ESP32-CAM Module without leaving a redirect)
Classification
| AI Thinker ESP32-CAM Module | |
|---|---|
| Classification | |
| Grade | F |
| Calculator version | [[:Category:Calculator v|]] |
| Classification date | |
| Information | |
| Name | ESP32-CAM AI-Thinker Development Board |
| Brand by Parent | AI-Thinker (generic) by Shenzhen AI-Thinker Technology Co., Ltd. |
| Generation | 1st |
| Model(s) | ESP32-CAM (OV2640 camera included) |
| Release date | 2018-11-29 |
| Type/Category | DIY Wi-Fi camera / development board |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 40 × 27 × 10 mm (board only) |
| Mass | 10 g |
| Operating system | FreeRTOS (ESP-IDF or Arduino) |
| Companion App | None (user firmware) |
| CPU | Xtensa®/RISC-V dual-core @ 240 MHz (ESP32-S) |
| GPU | None |
| Memory | 520 KB SRAM + 4 MB PSRAM (external) |
| Storage | 4 MB SPI NOR flash (no encryption) |
| Battery | None |
| Power | 5 V ⎓ 500 mA via micro-USB or 3.3 V header |
| Charging | micro-USB (no battery) |
| Display | None (only status LED |
| Camera | OV2640 2 MP, 1600×1200 @ 15 fps, 66° FOV, IR-cut optional |
| Sound | None (user can add I²S mic) |
| Connectivity | Wi-Fi 4 (802.11 b/g/n) 2.4 GHz only; no BLE/Ethernet |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | Very common | [2] | All pins exposed, no case, schematic public |
| Known vulnerabilities | Very common | [3] | CVE-2019-12588 (KRACK), CVE-2020-15048 (buffer overflow) |
| Prior attacks | Very common | [4] | Thousands of open cameras indexed by Shodan; Mirai-ESP32 variant |
| Updatability | Rare | [5] | User must re-flash; no automatic OTA; clones never updated |
| Category score | 3 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Partial | [6] | HTTP/MJPEG/ONVIF via user code; no public cloud API |
| Communications | No encryption | [7] | HTTP only; TLS libraries exist but rarely flashed |
| Storage | No encryption | [8] | Flash dump in plaintext; Wi-Fi creds in clear |
| Category score | 3 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Absent | [9] | No accounts; single shared credentials if added |
| Authentication | Absent | [10] | No login by default; user can add HTTP basic auth manually |
| Brute-force protection | Absent | [11] | No lock-out, no CAPTCHA |
| Event logging | Absent | [12] | No logging framework; serial only |
| Passwords | Default/Common/Easy to guess | [13] | Many tutorials use admin/admin; no forced change |
| Category score | 3 | ||
| Grade | F |
|---|
