Executive Summary

Summary
Title Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials
Informations
Name VU#899080 First vendor Publication 2016-02-17
Vendor VU-CERT Last vendor Modification 2016-02-19
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#899080

Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials

Original Release date: 17 Feb 2016 | Last revised: 19 Feb 2016

Overview

Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password.

Description

CWE-259: Use of Hard-coded Password - CVE-2015-8286

According to the reporter, DVR devices based on the Zhuhai RaySharp firmware contain a hard-coded root password. Remote attackers with knowledge of the password may gain root access to the device.


Furthermore, it was previously reported publicly that many of these devices enable remote access via telnet or port 9000 by default.

The CERT/CC has not been able to confirm this information directly with Zhuhai RaySharp. The Vendor List below provides more information on each manufacturer that was reported to be vulnerable.

The reporter, Risk Based Security, has provided security advisory RBS-2016-001 with more information.

Impact

An unauthenticated remote attacker may gain root access to the device.

Solution

Apply an update if possible

Some vendors have released updated firmware to address this issue. Please contact your device manufacturer for more information. The Vendor List below provides more information on each manufacturer that was reported to be vulnerable.

If your vendor does not have an updated firmware available at this time, you may consider the following mitigations:

Restrict network access

Use a firewall or similar technology to restrict access to trusted hosts, networks, and services.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
SwannAffected22 Sep 201519 Feb 2016
Zhuhai RaySharpAffected09 Sep 201517 Feb 2016
Axis CommunicationsNot Affected08 Feb 201612 Feb 2016
HanwhaNot Affected08 Feb 201612 Feb 2016
COP USAUnknown09 Sep 201517 Feb 2016
CWDUnknown23 Sep 201517 Feb 2016
KGuard SecurityUnknown09 Sep 201517 Feb 2016
Konig ElectronicsUnknown23 Sep 201517 Feb 2016
Lorex CorporationUnknown09 Sep 201517 Feb 2016
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal8.5E:POC/RL:U/RC:UR
Environmental6.4CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://www.riskbasedsecurity.com/research/RBS-2016-001.pdf
  • http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/
  • http://seclists.org/bugtraq/2015/Jun/117
  • http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html

Credit

Thanks to Carsten Eiram of Risk Based Security for reporting these vulnerabilities.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2015-8286
  • Date Public:17 Feb 2016
  • Date First Published:17 Feb 2016
  • Date Last Updated:19 Feb 2016
  • Document Revision:70

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/899080

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-254 Security Features

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2016-03-07 17:29:01
  • Multiple Updates
2016-02-19 21:29:03
  • Multiple Updates
2016-02-19 21:24:06
  • Multiple Updates
2016-02-18 17:30:28
  • Multiple Updates
2016-02-18 17:25:47
  • Multiple Updates
2016-02-18 09:29:29
  • Multiple Updates
2016-02-18 00:28:54
  • Multiple Updates
2016-02-18 00:24:15
  • First insertion