CERTVU:913000Samsung SRN-1670D camera contains multiple vulnerabilities
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
0.581 Medium
EPSS
Percentile
97.7%
Overview
The Samsung SRN-1670D camera contains multiple vulnerabilities.
Description
CWE-264**: Permissions, Privileges, and Access Controls -**CVE-2015-8279
An undocumented PHP request may be used to read arbitrary files from the system.
CWE-200**: Information Exposure -**CVE-2015-8280
The interface provides too many details in errors messages, which may allow an attacker to determine user credentials.
CWE-327**: Use of a Broken or Risky Cryptographic Algorithm -**CVE-2015-8281
The firmware filesystem uses a weak custom encryption scheme based only on simple XOR operations. Vendors should not attempt to implement their own cryptographic methods.
According to the researchers, the Samsung SRN-1670D (Web Viewer Version 1,0,0,193, Date Created 2013.10.26) is affected; other Samsung SRN model cameras may be affected. This device appears to be manufactured by another company named Hanwha.
More information can be found in the researchers’ blog.
Impact
An unauthenticated remote attacker may access arbitrary files on the device, and learn user credentials.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
Hanwha has stated that this model is no longer in production and will not receive any updates.
Vendor Information
913000
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Hanwha __ Affected
Notified: November 09, 2015 Updated: January 25, 2016
Statement Date: January 13, 2016
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The model SRN-1670D is no longer supported and therefore no firmware update will be released. However, Hanwha says the fix will be integrated into firmware for newer models.
Samsung Mobile Unknown
Notified: November 09, 2015 Updated: November 09, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 7.8 | AV:N/AC:L/Au:N/C:C/I:N/A:N |
| Temporal | 6.7 | E:POC/RL:U/RC:UR |
| Environmental | 5.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
<http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html>
Acknowledgements
Thanks to Aristide Fattori, Luca Giancane and Roberto Paleari for reporting this vulnerability.
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | CVE-2015-8279, CVE-2015-8280, [CVE-2015-8281 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-8281 >) |
|---|---|
| Date Public: | 2016-01-11 Date First Published: |
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
0.581 Medium
EPSS
Percentile
97.7%