[<prev] [next>] [day] [month] [year] [list]
Message-ID: <01fd01d218ba$78ccd840$6a6688c0$@gmail.com>
Date: Tue, 27 Sep 2016 05:27:10 -0700
From: "Travis Lee" <eelsivart@...il.com>
To: <fulldisclosure@...lists.org>
Subject: [FD] Vulnerability Note VU#667480 - AVer EH6108H+ hybrid DVR
contains multiple vulnerabilities
Vulnerability Note VU#667480
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/667480
Overview:
AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly
earlier, reportedly contains multiple vulnerabilities, including
undocumented privileged accounts, authentication bypass, and information
exposure.
Description:
AVer Information EH6108H+ hybrid DVR is an IP security camera management
system and streaming video recorder. Version X9.03.24.00.07l and possibly
earlier are reported to contain multiple vulnerabilities.
CWE-798: Use of Hard-coded Credentials - CVE-2016-6535
AVer Information EH6108H+ reportedly contains two undocumented, hard-coded
account credentials. Both accounts have root privileges and may be used to
gain access via an undocumented telnet service that cannot be disabled
through the web user interface and runs by default.
CWE-302: Authentication Bypass by Assumed-Immutable Data - CVE-2016-6536
By guessing the handle parameter of the /setup page of the web interface, an
unauthenticated attacker reportedly may be able to access restricted pages
and alter DVR configurations or change user passwords.
CWE-200: Information Exposure - CVE-2016-6537
User credentials are reported to be stored and transmitted in an insecure
manner. In the configuration page of the web interface, passwords are stored
in base64-encoded strings. In client requests, credentials are listed in
plain text in the cookie header.
For more information, refer to the researcher's disclosure.
(https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-
and-more)
Impact:
A remote, unauthenticated attacker may be able to gain access with root
privileges to completely compromise vulnerable devices.
Solution:
The CERT/CC is currently unaware of a practical solution to this problem and
recommends the following workaround.
Restrict access
As a general good security practice, only allow connections from trusted
hosts and networks.
References:
http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/
https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a
nd-more
https://cwe.mitre.org/data/definitions/798.html
https://cwe.mitre.org/data/definitions/302.html
https://cwe.mitre.org/data/definitions/200.html
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists