Executive Summary

Summary
Title Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password
Informations
Name VU#923388 First vendor Publication 2016-02-17
Vendor VU-CERT Last vendor Modification 2016-02-17
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#923388

Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password

Original Release date: 17 Feb 2016 | Last revised: 17 Feb 2016

Overview

Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs.

Description

CWE-259: Use of Hard-coded Password - CVE-2015-8286


According to the researcher, the Swann SRNVW-470LCD and Swann SWNVW-470CAM contain a hard-coded passwords allowing administrative or root access. Other models may also be affected.

Current evidence suggests that the source of the hard-coded passwords in these models is CVE-2015-8286. The CERT/CC has published VU#899080 regarding CVE-2015-8286. However, the CERT/CC has not been able to confirm this with Swann.

CWE-288: Authentication Bypass Using an Alternate Path or Channel - CVE-2015-8287

According to the researcher, a remote attacker with knowledge of the correct URL may be able to stream the live video feed from an IP camera connected to the NVR. This URL does not authenticate users before displaying the video feed.

Impact

A remote unauthenticated attacker may be able to gain root access to the device, or view the live video feed.

Solution

The CERT/CC is currently unaware of a full solution to these issues.

Swann has stated that the hard-coded password issue has been addressed in firmware v2.6.0.1 of older DVR devices, firmware v0114 for the NVW-470LCD, and firmware v1022 for the NVW-470CAM. Updated firmware can be obtained from the Swann support portal.

However, the researcher disputes this update and has stated that the new NVW-470 firmware does not appear to address the issue. Swann has currently not replied to further inquiries regarding this dispute from the CERT/CC.

You may also consider the following mitigation:

Restrict network access

Use a firewall or similar technology to restrict access to trusted hosts, networks, and services.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
SwannUnknown05 Aug 201517 Feb 2016
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal8.3E:F/RL:OF/RC:C
Environmental6.2CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://www.swann.com/us/swnvw-470kit

Credit

Thanks to Junia Valente of the Cyber-Physical Systems Security Lab at UT Dallas for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2015-8286CVE-2015-8287
  • Date Public:17 Feb 2016
  • Date First Published:17 Feb 2016
  • Date Last Updated:17 Feb 2016
  • Document Revision:58

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/923388

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-254 Security Features

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1
Hardware 1
Os 1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2016-03-07 17:29:02
  • Multiple Updates
2016-02-18 09:29:34
  • Multiple Updates
2016-02-18 00:28:55
  • Multiple Updates
2016-02-18 00:24:19
  • First insertion