Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by zhuhai
VAR-201602-0184
Vulnerability from variot - Updated: 2023-12-18 12:06Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Zhuhai Allianz Technology Co., Ltd. Zhuhai Allianz Technology Co., Ltd
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0184",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "raysharp",
"scope": "eq",
"trust": 1.0,
"vendor": "zhuhai",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "swann",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zhuhai raysharp",
"version": null
},
{
"model": "zhuhai raysharp",
"scope": null,
"trust": 0.8,
"vendor": "zhuhai raysharp",
"version": null
},
{
"model": "raysharp for dvrs",
"scope": null,
"trust": 0.6,
"vendor": "zhuhai anlian ruishi",
"version": null
},
{
"model": "raysharp",
"scope": null,
"trust": 0.6,
"vendor": "zhuhai",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zhuhai:raysharp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"cve": "CVE-2015-8286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.4,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2015-8286",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "UNCORROBORATED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2016-001610",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01417",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-86247",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8286",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-8286",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-001610",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01417",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-349",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-86247",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Zhuhai Allianz Technology Co., Ltd. Zhuhai Allianz Technology Co., Ltd",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8286"
},
{
"db": "CERT/CC",
"id": "VU#923388"
},
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8286",
"trust": 3.9
},
{
"db": "CERT/CC",
"id": "VU#899080",
"trust": 3.9
},
{
"db": "CERT/CC",
"id": "VU#923388",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU99656630",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90746018",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610",
"trust": 0.8
},
{
"db": "BID",
"id": "83294",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2016-01417",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-86247",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#923388"
},
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
]
},
"id": "VAR-201602-0184",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01417"
}
]
},
"last_update_date": "2023-12-18T12:06:13.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Homepage",
"trust": 0.8,
"url": "http://raysharp.manufacturer.globalsources.com/si/6008826226857/homepage.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://seclists.org/bugtraq/2015/jun/117"
},
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/899080"
},
{
"trust": 2.5,
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"
},
{
"trust": 2.5,
"url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/923388"
},
{
"trust": 1.7,
"url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8286"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "https://www.riskbasedsecurity.com/research/rbs-2016-001.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8286"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99656630"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu90746018"
},
{
"trust": 0.6,
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/#7b804d534fd2"
},
{
"trust": 0.6,
"url": "http://www.freebuf.com/news/7154.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#923388"
},
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#923388"
},
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-17T00:00:00",
"db": "CERT/CC",
"id": "VU#923388"
},
{
"date": "2016-02-17T00:00:00",
"db": "CERT/CC",
"id": "VU#899080"
},
{
"date": "2016-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"date": "2016-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-86247"
},
{
"date": "2016-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"date": "2016-02-18T05:59:00.200000",
"db": "NVD",
"id": "CVE-2015-8286"
},
{
"date": "2016-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-17T00:00:00",
"db": "CERT/CC",
"id": "VU#923388"
},
{
"date": "2016-02-19T00:00:00",
"db": "CERT/CC",
"id": "VU#899080"
},
{
"date": "2016-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"date": "2016-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-86247"
},
{
"date": "2016-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"date": "2016-03-07T12:35:39.743000",
"db": "NVD",
"id": "CVE-2015-8286"
},
{
"date": "2016-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password",
"sources": [
{
"db": "CERT/CC",
"id": "VU#923388"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
],
"trust": 0.6
}
}
CVE-2015-8286 (GCVE-0-2015-8286)
Vulnerability from nvd – Published: 2016-02-18 02:00 – Updated: 2024-08-06 08:13
VLAI
Summary
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.forbes.com/sites/andygreenberg/2013/01… | x_refsource_MISC |
| http://console-cowboys.blogspot.com/2013/01/swann… | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/899080 | third-party-advisoryx_refsource_CERT-VN |
| http://www.kb.cert.org/vuls/id/923388 | third-party-advisoryx_refsource_CERT-VN |
| https://community.rapid7.com/community/metasploit… | x_refsource_MISC |
| http://seclists.org/bugtraq/2015/Jun/117 | mailing-listx_refsource_BUGTRAQ |
Date Public
2016-02-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
},
{
"name": "VU#899080",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/899080"
},
{
"name": "VU#923388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/923388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"
},
{
"name": "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jun/117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-18T04:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
},
{
"name": "VU#899080",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/899080"
},
{
"name": "VU#923388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/923388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"
},
{
"name": "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jun/117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-8286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"
},
{
"name": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html",
"refsource": "MISC",
"url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
},
{
"name": "VU#899080",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/899080"
},
{
"name": "VU#923388",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/923388"
},
{
"name": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"
},
{
"name": "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jun/117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-8286",
"datePublished": "2016-02-18T02:00:00.000Z",
"dateReserved": "2015-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:13:31.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8286 (GCVE-0-2015-8286)
Vulnerability from cvelistv5 – Published: 2016-02-18 02:00 – Updated: 2024-08-06 08:13
VLAI
Summary
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.forbes.com/sites/andygreenberg/2013/01… | x_refsource_MISC |
| http://console-cowboys.blogspot.com/2013/01/swann… | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/899080 | third-party-advisoryx_refsource_CERT-VN |
| http://www.kb.cert.org/vuls/id/923388 | third-party-advisoryx_refsource_CERT-VN |
| https://community.rapid7.com/community/metasploit… | x_refsource_MISC |
| http://seclists.org/bugtraq/2015/Jun/117 | mailing-listx_refsource_BUGTRAQ |
Date Public
2016-02-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
},
{
"name": "VU#899080",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/899080"
},
{
"name": "VU#923388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/923388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"
},
{
"name": "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jun/117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-18T04:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
},
{
"name": "VU#899080",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/899080"
},
{
"name": "VU#923388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/923388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"
},
{
"name": "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jun/117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-8286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"
},
{
"name": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html",
"refsource": "MISC",
"url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
},
{
"name": "VU#899080",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/899080"
},
{
"name": "VU#923388",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/923388"
},
{
"name": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"
},
{
"name": "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jun/117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-8286",
"datePublished": "2016-02-18T02:00:00.000Z",
"dateReserved": "2015-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:13:31.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}