CVE-2015-8286 - OpenCVE

Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Zhuhai	Raysharp Firmware

Configuration 1 [-]

cpe:2.3:o:zhuhai:raysharp_firmware:*:*:*:*:*:*:*:*

References

Link	Resource
http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html	Exploit
http://seclists.org/bugtraq/2015/Jun/117	Exploit
http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/
http://www.kb.cert.org/vuls/id/899080	Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/923388	Third Party Advisory US Government Resource
https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2016-02-18T02:00:00

Updated: 2016-02-18T04:57:02

Reserved: 2015-11-19T00:00:00

Link: CVE-2015-8286

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-02-18T05:59:00.200

Modified: 2016-03-07T12:35:39.743

Link: CVE-2015-8286

JSON object: View

Redhat Information

No data.

CWE

CWE-254

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-17T00:00:00", "descriptions": [{"lang": "en", "value": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-02-18T04:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"}, {"tags": ["x_refsource_MISC"], "url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"}, {"name": "VU#899080", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/899080"}, {"name": "VU#923388", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/923388"}, {"tags": ["x_refsource_MISC"], "url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"}, {"name": "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2015/Jun/117"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2015-8286", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/", "refsource": "MISC", "url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"}, {"name": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html", "refsource": "MISC", "url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"}, {"name": "VU#899080", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/899080"}, {"name": "VU#923388", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/923388"}, {"name": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root", "refsource": "MISC", "url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"}, {"name": "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2015/Jun/117"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-8286", "datePublished": "2016-02-18T02:00:00", "dateReserved": "2015-11-19T00:00:00", "dateUpdated": "2016-02-18T04:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zhuhai:raysharp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "92C2CCCD-9676-4CB8-B8F8-367777F9DF17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000."}, {"lang": "es", "value": "Firmware Zhuhai RaySharp tiene una contrase\u00f1a de root embebidas, lo que hace que sea m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de una sesi\u00f3n TCP en el puerto 23 o 9000."}], "id": "CVE-2015-8286", "lastModified": "2016-03-07T12:35:39.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-18T05:59:00.200", "references": [{"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://seclists.org/bugtraq/2015/Jun/117"}, {"source": "cret@cert.org", "url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/899080"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/923388"}, {"source": "cret@cert.org", "url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}