CVE-2016-7834

EPSS 39.46%
Veröffentlicht 13.04.2017 17:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sony ≫ Snc Series Firmware Version <= 1.8.5.00

   Sony ≫ Snc-cx600 Version-
   Sony ≫ Snc-cx600w Version-
   Sony ≫ Snc-eb600 Version-
   Sony ≫ Snc-eb600b Version-
   Sony ≫ Snc-eb602r Version-
   Sony ≫ Snc-eb630 Version-
   Sony ≫ Snc-eb630b Version-
   Sony ≫ Snc-eb632r Version-
   Sony ≫ Snc-em600 Version-
   Sony ≫ Snc-em601 Version-
   Sony ≫ Snc-em602r Version-
   Sony ≫ Snc-em602rc Version-
   Sony ≫ Snc-em630 Version-
   Sony ≫ Snc-em631 Version-
   Sony ≫ Snc-em632r Version-
   Sony ≫ Snc-em632rc Version-
   Sony ≫ Snc-vb600 Version-
   Sony ≫ Snc-vb600b Version-
   Sony ≫ Snc-vb600b5 Version-
   Sony ≫ Snc-vb600l Version-
   Sony ≫ Snc-vb630 Version-
   Sony ≫ Snc-vb6305 Version-
   Sony ≫ Snc-vb6307 Version-
   Sony ≫ Snc-vb632d Version-
   Sony ≫ Snc-vb635 Version-
   Sony ≫ Snc-vm600 Version-
   Sony ≫ Snc-vm600b Version-
   Sony ≫ Snc-vm600b5 Version-
   Sony ≫ Snc-vm600l Version-
   Sony ≫ Snc-vm601 Version-
   Sony ≫ Snc-vm601b Version-
   Sony ≫ Snc-vm602r Version-
   Sony ≫ Snc-vm630 Version-
   Sony ≫ Snc-vm6305 Version-
   Sony ≫ Snc-vm6307 Version-
   Sony ≫ Snc-vm631 Version-
   Sony ≫ Snc-vm632r Version-
   Sony ≫ Snc-wr600 Version-
   Sony ≫ Snc-wr602 Version-
   Sony ≫ Snc-wr602c Version-
   Sony ≫ Snc-wr602cl Version-
   Sony ≫ Snc-wr630 Version-
   Sony ≫ Snc-wr632 Version-
   Sony ≫ Snc-wr632c Version-
   Sony ≫ Snc-xm631 Version-
   Sony ≫ Snc-xm631l Version-
   Sony ≫ Snc-xm632 Version-
   Sony ≫ Snc-xm636 Version-
   Sony ≫ Snc-xm637 Version-

Sony ≫ Snc Series Firmware Version <= 2.7.0

   Sony ≫ Snc-ch115 Version-
   Sony ≫ Snc-ch120 Version-
   Sony ≫ Snc-ch160 Version-
   Sony ≫ Snc-ch220 Version-
   Sony ≫ Snc-ch260 Version-
   Sony ≫ Snc-dh120 Version-
   Sony ≫ Snc-dh120t Version-
   Sony ≫ Snc-dh160 Version-
   Sony ≫ Snc-dh220 Version-
   Sony ≫ Snc-dh220t Version-
   Sony ≫ Snc-dh260 Version-
   Sony ≫ Snc-eb520 Version-
   Sony ≫ Snc-em520 Version-
   Sony ≫ Snc-em521 Version-
   Sony ≫ Snc-ep520 Version-
   Sony ≫ Snc-ep521 Version-
   Sony ≫ Snc-ep550 Version-
   Sony ≫ Snc-ep580 Version-
   Sony ≫ Snc-er520 Version-
   Sony ≫ Snc-er521 Version-
   Sony ≫ Snc-er521c Version-
   Sony ≫ Snc-er550 Version-
   Sony ≫ Snc-er550c Version-
   Sony ≫ Snc-er580 Version-
   Sony ≫ Snc-er585 Version-
   Sony ≫ Snc-er585h Version-
   Sony ≫ Snc-zb550 Version-
   Sony ≫ Snc-zm550 Version-
   Sony ≫ Snc-zm551 Version-
   Sony ≫ Snc-zp550 Version-
   Sony ≫ Snc-zr550 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	39.46%	0.972

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://jvn.jp/en/vu/JVNVU96435227/index.html

Third Party Advisory

VDB Entry

https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-7834

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-7834

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-7834

EUVD