AVer Information EH6108H+ Authentication Bypass / Inforation Exposure

`Vulnerability Note VU#667480  
  
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities  
  
https://www.kb.cert.org/vuls/id/667480  
  
  
  
  
  
Overview:  
  
AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly  
earlier, reportedly contains multiple vulnerabilities, including  
undocumented privileged accounts, authentication bypass, and information  
exposure.  
  
  
  
Description:  
  
AVer Information EH6108H+ hybrid DVR is an IP security camera management  
system and streaming video recorder. Version X9.03.24.00.07l and possibly  
earlier are reported to contain multiple vulnerabilities.  
  
  
  
CWE-798: Use of Hard-coded Credentials - CVE-2016-6535  
  
  
  
AVer Information EH6108H+ reportedly contains two undocumented, hard-coded  
account credentials. Both accounts have root privileges and may be used to  
gain access via an undocumented telnet service that cannot be disabled  
through the web user interface and runs by default.  
  
  
  
CWE-302: Authentication Bypass by Assumed-Immutable Data - CVE-2016-6536  
  
  
  
By guessing the handle parameter of the /setup page of the web interface, an  
unauthenticated attacker reportedly may be able to access restricted pages  
and alter DVR configurations or change user passwords.  
  
  
  
CWE-200: Information Exposure - CVE-2016-6537  
  
  
  
User credentials are reported to be stored and transmitted in an insecure  
manner. In the configuration page of the web interface, passwords are stored  
in base64-encoded strings. In client requests, credentials are listed in  
plain text in the cookie header.  
  
  
  
For more information, refer to the researcher's disclosure.  
(https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-  
and-more)  
  
  
  
Impact:  
  
A remote, unauthenticated attacker may be able to gain access with root  
privileges to completely compromise vulnerable devices.  
  
  
  
Solution:  
  
The CERT/CC is currently unaware of a practical solution to this problem and  
recommends the following workaround.  
  
Restrict access  
  
  
  
As a general good security practice, only allow connections from trusted  
hosts and networks.  
  
  
  
References:  
  
http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/  
  
https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a  
nd-more  
  
https://cwe.mitre.org/data/definitions/798.html  
  
https://cwe.mitre.org/data/definitions/302.html  
  
https://cwe.mitre.org/data/definitions/200.html  
  
  
  
`