Lucene search

[email protected]CVE-2016-6537

HistorySep 19, 2016 - 1:59 a.m.

CVE-2016-6537

2016-09-1901:59:09

CWE-200

[email protected]

web.nvd.nist.gov

aver

eh6108h+

cleartext

base64

firmware

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.6%

JSON

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.

Affected configurations

NVD

Node

avereh6108h\+_firmwareMatchx9.03.24.00.07l

AND

avereh6108h\+Match-

CPENameOperatorVersion
aver:eh6108h\+_firmwareaver eh6108h+ firmwareeqx9.03.24.00.07l

CPE	Name	Operator	Version
aver:eh6108h\+_firmware	aver eh6108h+ firmware	eq	x9.03.24.00.07l

References

www.kb.cert.org/vuls/id/667480

www.securityfocus.com/bid/92936

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.6%

JSON

Related for CVE-2016-6537

cvelist1 nvd1 prion1 zdt1 packetstorm1 cert1