cvelistv5 - CVE-2016-7830

CVE-2016-7830 (GCVE-0-2016-7830)

Vulnerability from cvelistv5

Published

2017-06-09 16:00

Modified

2024-08-06 02:04

Severity ?

CWE

Authentication bypass

Summary

References

URL

Tags

vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN42070907/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN42070907/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf	Vendor Advisory

Impacted products

Vendor

Product

Version

Sony Corporation

PCS-XG100

Version: firmware versions prior to Ver.1.51

Sony Corporation	PCS-XG100S	Version: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XG100C	Version: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XG77	Version: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XG77S	Version: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XG77C	Version: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XC1	Version: firmware version prior to Ver.1.22

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:04:56.072Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
          },
          {
            "name": "JVN#42070907",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCS-XG100",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG100S",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG100C",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG77",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG77S",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG77C",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XC1",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version prior to Ver.1.22"
            }
          ]
        }
      ],
      "datePublic": "2016-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-09T15:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
        },
        {
          "name": "JVN#42070907",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-7830",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PCS-XG100",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG100S",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG100C",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG77",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG77S",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG77C",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XC1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware version prior to Ver.1.22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sony Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
            },
            {
              "name": "JVN#42070907",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-7830",
    "datePublished": "2017-06-09T16:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:04:56.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-7830\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2017-06-09T16:29:01.080\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Dispositivos Sony PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C con versiones de firmware anteriores a la versi\u00f3n 1.51 y dispositivos PCS-XC1 con versi\u00f3n de firmware anterior a la versi\u00f3n 1.22, permiten a un atacante en el mismo segmento de red omitir la autenticaci\u00f3n para realizar operaciones administrativas a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59D66787-EA68-459A-8B6B-DDE3297A686F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22E568C0-86AF-4886-9709-A83018CE6C2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg100s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D37C7C1-76E1-42FE-9A64-B3A6DDDA5DC7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB542813-B53F-44BD-B8D5-161667E77411\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0817A1C4-2A4F-4D79-AC63-100A1D4B5998\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1374A1FF-C50E-442B-9549-E4F388946128\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg77:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"030DCC5E-8633-4086-BAC9-F5FD4E7D46D4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg77s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEDB48B7-9DC3-422D-A649-7B7C094B4ED8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C667897-92BE-45E7-9B4D-426D80511D67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"657B512E-81A1-4603-904E-1875814BF48B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.21\",\"matchCriteriaId\":\"4D21324B-1210-4E7F-80FB-3FD284035B7A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8141874D-CF91-4A17-A56E-EE8B10E0C66B\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN42070907/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN42070907/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

var-201706-0071

Vulnerability from variot

Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306). This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges. telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.The device may be logged in by the other user in the same subnetwork. As a result, the device may be manipulated by the user with administrative privileges. Sony PCS-XG100 and so on are Sony's network camera products. An authentication vulnerability exists in several Sony products. An attacker could exploit the vulnerability to bypass authentication and perform administrator actions. Sony PCS-XG100, etc. The following products and versions are affected: PCS-XG100 with firmware version earlier than 1.51; PCS-XG100S with firmware version earlier than 1.51; PCS-XG100C with firmware version earlier than 1.51; PCS-XG77 with firmware version earlier than 1.51 ; PCS-XG77S with firmware version earlier than 1.51; PCS-XG77C with firmware version earlier than 1.51; PCS-XC1 with firmware version earlier than 1.22

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0071",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pcs-xg77",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": "1.50"
      },
      {
        "model": "pcs-xg100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": "1.50"
      },
      {
        "model": "pcs-xg100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": "1.42"
      },
      {
        "model": "pcs-xg77",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": "1.42"
      },
      {
        "model": "pcs-xc1",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xg77s",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xg77",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xg100s",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xg100",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xc1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sony",
        "version": "1.21"
      },
      {
        "model": "pcs-xc1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sony",
        "version": "1.21"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:sony:pcs-xc1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:sony:pcs-xg100",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:sony:pcs-xg100s",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:sony:pcs-xg77",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:sony:pcs-xg77s",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      }
    ]
  },
  "cve": "CVE-2016-7830",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2016-7830",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.9,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-000246",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2017-14141",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-96650",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-7830",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-000246",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-7830",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2016-000246",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-14141",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-354",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-96650",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306). This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges. telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.The device may be logged in by the other user in the same subnetwork. As a result, the device may be manipulated by the user with administrative privileges. Sony PCS-XG100 and so on are Sony\u0027s network camera products. An authentication vulnerability exists in several Sony products. An attacker could exploit the vulnerability to bypass authentication and perform administrator actions. Sony PCS-XG100, etc. The following products and versions are affected: PCS-XG100 with firmware version earlier than 1.51; PCS-XG100S with firmware version earlier than 1.51; PCS-XG100C with firmware version earlier than 1.51; PCS-XG77 with firmware version earlier than 1.51 ; PCS-XG77S with firmware version earlier than 1.51; PCS-XG77C with firmware version earlier than 1.51; PCS-XC1 with firmware version earlier than 1.22",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-7830",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN42070907",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "id": "VAR-201706-0071",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      }
    ],
    "trust": 1.375
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:01:05.551000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Notice regarding Video conference Network Security Enhancement",
        "trust": 0.8,
        "url": "http://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
      },
      {
        "title": "Software: PCS-XG100/XG77 V1.51.20 \u0026 PCS-XC1 V1.22.20",
        "trust": 0.8,
        "url": "https://www.sony.co.uk/pro/support/software/SET_160510_PSG/1"
      },
      {
        "title": "Patches for multiple Sony product authentication vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/97891"
      },
      {
        "title": "Multiple Sony Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70859"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://jvn.jp/en/jp/jvn42070907/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7830"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7830"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "date": "2017-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "date": "2016-12-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "date": "2017-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      },
      {
        "date": "2017-06-09T16:29:01.080000",
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "date": "2018-01-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "date": "2017-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      },
      {
        "date": "2024-11-21T02:58:33.323000",
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mutiple SONY Videoconference Systems do not properly perform authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ],
    "trust": 0.6
  }
}

gsd-2016-7830

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-7830

Aliases

CVE-2016-7830

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7830",
    "description": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.",
    "id": "GSD-2016-7830"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7830"
      ],
      "details": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.",
      "id": "GSD-2016-7830",
      "modified": "2023-12-13T01:21:21.117752Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2016-7830",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PCS-XG100",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG100S",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG100C",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG77",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG77S",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG77C",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XC1",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware version prior to Ver.1.22"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Sony Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Authentication bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
          },
          {
            "name": "JVN#42070907",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg100s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg77s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg77:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-7830"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
            },
            {
              "name": "JVN#42070907",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-06-22T12:37Z",
      "publishedDate": "2017-06-09T16:29Z"
    }
  }
}

CVE-2016-7830

Vulnerability from jvndb

Published

2016-12-16 14:11

Modified

2018-01-17 14:03

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Mutiple SONY Videoconference Systems do not properly perform authentication

Details

Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306). This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges. telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN42070907/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7830
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7830
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Sony Corporation	PCS-XC1
	Sony Corporation	PCS-XG100
	Sony Corporation	PCS-XG100S
	Sony Corporation	PCS-XG77
	Sony Corporation	PCS-XG77S

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000246.html",
  "dc:date": "2018-01-17T14:03+09:00",
  "dcterms:issued": "2016-12-16T14:11+09:00",
  "dcterms:modified": "2018-01-17T14:03+09:00",
  "description": "Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306).\r\nThis user account has a privilege to view some of the system configuration files.  As a result, the device may be manipulated by an attacker with administrative privileges.\r\n\r\ntelnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default.  When this functionality is enabled, a user in the same subnetwork can login to the device.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000246.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:sony:pcs-xc1",
      "@product": "PCS-XC1",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:sony:pcs-xg100",
      "@product": "PCS-XG100",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:sony:pcs-xg100s",
      "@product": "PCS-XG100S",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:sony:pcs-xg77",
      "@product": "PCS-XG77",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:sony:pcs-xg77s",
      "@product": "PCS-XG77S",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "2.9",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000246",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN42070907/index.html",
      "@id": "JVN#42070907",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7830",
      "@id": "CVE-2016-7830",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7830",
      "@id": "CVE-2016-7830",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    }
  ],
  "title": "Mutiple SONY Videoconference Systems do not properly perform authentication"
}

cnvd-2017-14141

Vulnerability from cnvd

Title

多款Sony产品身份验证漏洞

Description

Sony PCS-XG100等都是日本索尼（Sony）公司的网络摄像机产品。多款Sony产品中存在身份验证漏洞。攻击者可利用该漏洞绕过身份验证，执行管理员操作。

Severity

中

Patch Name

多款Sony产品身份验证漏洞的补丁

Patch Description

Sony PCS-XG100等都是日本索尼（Sony）公司的网络摄像机产品。多款Sony产品中存在身份验证漏洞。攻击者可利用该漏洞绕过身份验证，执行管理员操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf?token=vVAQV7p7E-U4WnXAKw3T7ea0TRRWpM-y9zm5mSWBlAV6-LlK5H_zNcbu3p7DK3KA93TwY5ZwqQBFedDSHaVQXLC7I7o-8zrCO24TmpiEw92MIQZRg_gW96IpKvWHTJgSIzp5-VHOI-7tQEKmVTh9a_aZAJM.

Reference

https://jvn.jp/en/jp/JVN42070907/index.html

Impacted products

Name
['Sony PCS-XC1', 'Sony PCS-XG77S', 'Sony PCS-XG77', 'Sony PCS-XG100S', 'Sony PCS-XG100']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7830"
    }
  },
  "description": "Sony PCS-XG100\u7b49\u90fd\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u7f51\u7edc\u6444\u50cf\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eSony\u4ea7\u54c1\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u7ba1\u7406\u5458\u64cd\u4f5c\u3002",
  "discovererName": "Sony",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf?token=vVAQV7p7E-U4WnXAKw3T7ea0TRRWpM-y9zm5mSWBlAV6-LlK5H_zNcbu3p7DK3KA93TwY5ZwqQBFedDSHaVQXLC7I7o-8zrCO24TmpiEw92MIQZRg_gW96IpKvWHTJgSIzp5-VHOI-7tQEKmVTh9a_aZAJM.",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14141",
  "openTime": "2017-07-13",
  "patchDescription": "Sony PCS-XG100\u7b49\u90fd\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u7f51\u7edc\u6444\u50cf\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eSony\u4ea7\u54c1\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u7ba1\u7406\u5458\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSony\u4ea7\u54c1\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Sony PCS-XC1",
      "Sony PCS-XG77S",
      "Sony PCS-XG77",
      "Sony PCS-XG100S",
      "Sony PCS-XG100"
    ]
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN42070907/index.html",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-13",
  "title": "\u591a\u6b3eSony\u4ea7\u54c1\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e"
}

fkie_cve-2016-7830

Vulnerability from fkie_nvd

Published

2017-06-09 16:29

Modified

2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN42070907/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN42070907/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
sony	pcs-xg100_firmware	1.50
sony	pcs-xg100	-
sony	pcs-xg100s	-
sony	pcs-xg100_firmware	1.42
sony	pcs-xg100c	-
sony	pcs-xg77_firmware	1.50
sony	pcs-xg77	-
sony	pcs-xg77s	-
sony	pcs-xg77_firmware	1.42
sony	pcs-xg77c	-
sony	pcs-xc1_firmware	*
sony	pcs-xc1	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D66787-EA68-459A-8B6B-DDE3297A686F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E568C0-86AF-4886-9709-A83018CE6C2F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg100s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D37C7C1-76E1-42FE-9A64-B3A6DDDA5DC7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB542813-B53F-44BD-B8D5-161667E77411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0817A1C4-2A4F-4D79-AC63-100A1D4B5998",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1374A1FF-C50E-442B-9549-E4F388946128",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg77:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "030DCC5E-8633-4086-BAC9-F5FD4E7D46D4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg77s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDB48B7-9DC3-422D-A649-7B7C094B4ED8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C667897-92BE-45E7-9B4D-426D80511D67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "657B512E-81A1-4603-904E-1875814BF48B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D21324B-1210-4E7F-80FB-3FD284035B7A",
              "versionEndIncluding": "1.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8141874D-CF91-4A17-A56E-EE8B10E0C66B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Dispositivos Sony PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C con versiones de firmware anteriores a la versi\u00f3n 1.51 y dispositivos PCS-XC1 con versi\u00f3n de firmware anterior a la versi\u00f3n 1.22, permiten a un atacante en el mismo segmento de red omitir la autenticaci\u00f3n para realizar operaciones administrativas a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-7830",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-09T16:29:01.080",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-xrc8-4cqr-4x7c

Vulnerability from github

Published

2022-05-17 02:40

Modified

2022-05-17 02:40

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7830"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-09T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.",
  "id": "GHSA-xrc8-4cqr-4x7c",
  "modified": "2022-05-17T02:40:33Z",
  "published": "2022-05-17T02:40:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7830"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-7830 (GCVE-0-2016-7830)

Vulnerability from cvelistv5

var-201706-0071

Vulnerability from variot

gsd-2016-7830

Vulnerability from gsd

CVE-2016-7830

Vulnerability from jvndb

cnvd-2017-14141

Vulnerability from cnvd

fkie_cve-2016-7830

Vulnerability from fkie_nvd

ghsa-xrc8-4cqr-4x7c

Vulnerability from github

Tags

Sightings

Nomenclature