CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
94.0%
Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs.
CWE-259**: Use of Hard-coded Password -**CVE-2015-8286
According to the researcher, the Swann SRNVW-470LCD and Swann SWNVW-470CAM contain a hard-coded passwords allowing administrative or root access. Other models may also be affected.
Current evidence suggests that the source of the hard-coded passwords in these models is CVE-2015-8286. The CERT/CC has published VU#899080 regarding CVE-2015-8286. However, the CERT/CC has not been able to confirm this with Swann.
CWE-288**: Authentication Bypass Using an Alternate Path or Channel -**CVE-2015-8287
According to the researcher, a remote attacker with knowledge of the correct URL may be able to stream the live video feed from an IP camera connected to the NVR. This URL does not authenticate users before displaying the video feed.
A remote unauthenticated attacker may be able to gain root access to the device, or view the live video feed.
The CERT/CC is currently unaware of a full solution to these issues.
Swann has stated that the hard-coded password issue has been addressed in firmware v2.6.0.1 of older DVR devices, firmware v0114 for the NVW-470LCD, and firmware v1022 for the NVW-470CAM. Updated firmware can be obtained from the Swann support portal.
However, the researcher disputes this update and has stated that the new NVW-470 firmware does not appear to address the issue. Swann has currently not replied to further inquiries regarding this dispute from the CERT/CC.
You may also consider the following mitigation:
Restrict network access
Use a firewall or similar technology to restrict access to trusted hosts, networks, and services.
923388
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 05, 2015 Updated: February 17, 2016
Statement Date: October 01, 2015
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Swann stated in September 2015 that the hard-coded password issue has been addressed in firmware v2.6.0.1 of older DVR devices, firmware v0114 for the NVW-470LCD, and firmware v1022 for the NVW-470CAM. Updated firmware can be obtained from the Swann support portal.
However, the reporter states that these updates do not address the issue. Swann has currently not responded to further inquires about the firmware update from the CERT/CC.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23923388 Feedback>).
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 8.3 | E:F/RL:OF/RC:C |
Environmental | 6.2 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
<http://www.swann.com/us/swnvw-470kit>
Thanks to Junia Valente of the Cyber-Physical Systems Security Lab at UT Dallas for reporting this vulnerability.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2015-8286, CVE-2015-8287 |
---|---|
Date Public: | 2016-02-17 Date First Published: |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
94.0%