CVE Details for CVE: CVE-2015-8286
Summary
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.
| Timestamps | |
|---|---|
| Last major update | 07-03-2016 - 12:35 |
| Published | 18-02-2016 - 05:59 |
| Last modified | 07-03-2016 - 12:35 |
References
- http://seclists.org/bugtraq/2015/Jun/117
- http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html
- http://www.kb.cert.org/vuls/id/923388
- http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/
- http://www.kb.cert.org/vuls/id/899080
- https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root
CWE
CVSS
Base
10.0
Impact
10.0
Exploitability
10.0
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| COMPLETE | COMPLETE | COMPLETE |
CVSS3
Base
9.8
Impact
5.9
Exploitability
3.9
Access
| Attack Complexity | Attack vector | Privileges Required | Scope | User Interaction |
|---|---|---|---|---|
| LOW | NETWORK | NONE | UNCHANGED | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| HIGH | HIGH | HIGH |
VIA4 references
cvss-vector
via4
cvss3-vector
via4
refmap
via4
| bugtraq | 20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders |
| cert-vn | |
| misc |
|