CVE-2026-40336

A flaw was found in libgphoto2, a camera access and control library. When processing a secondary enumeration list from certain Sony cameras, the ptpunpackSonyDPD function improperly handles memory allocation. This oversight causes a memory leak, which can lead to resource exhaustion and potential...

Linux Distros Unpatched Vulnerability : CVE-2026-40336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines...

CVE-2026-40336

Summary (CVE-2026-40336) libgphoto2 (versions up to and including 2.5.33) has a memory leak in PTP handling for Sony DPD secondary enumeration lists. In ptp-pack.c, ptp_unpack_Sony_DPD() overwrites dpd->FORM.Enum.SupportedValue with a new calloc() without freeing the prior allocation (offendin...

CVE-2026-40336 libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884–885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...

EUVD-2013-3474

Malware in sbrugna...

CVE-2025-5124

A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiat...

CVE-2025-5124

Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N (versions up to 1.30) are affected by a vulnerability in the Administrative Interface where default credentials can be used. The issue allows remote initiation, with high attack complexity and a high impact on confidenti...

PT-2025-22840 · Sony · Sony Snc-Ds10 +6

Name of the Vulnerable Software and Affected Versions: Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N versions up to 1.30 Description: A critical vulnerability has been found in the Administrative Interface of the affected Sony cameras, allowing for the use of defaul...

CVE-2013-3539

Cross-site request forgery CSRF vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for...

Sony IPELA E Series Camera 802dot1xclientcert Function Remote Code Execution Vulnerability

Sony IPELA cameras are network-oriented cameras for surveillance and monitoring. A stack buffer overflow vulnerability exists in the 802dot1xclientcert.cgi function of the Sony IPELA E-Series cameras, which allows an attacker to send a malicious POST request leading to remote code execution...

Multiple SONY network cameras information disclosure vulnerability

SONY SNC-CH115 and so on are the network camera products of Japan Sony Sony company. An information disclosure vulnerability exists in several SONY network cameras using firmware versions prior to 2.7.2. The vulnerability can be exploited by an attacker to log in to the device with administrator...

CVE-2016-7834

SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550,...

Backdoor Vulnerability in Multiple Sony IPELA ENGINE IP Cameras

SNC-CH115, SNC-CH120 and SNC-CH160 are IP camera products from Sony. A backdoor vulnerability exists in multiple Sony IPELA ENGINE IP Cameras. A remote attacker can exploit the vulnerabilities to remotely manage the camera using Telnet/SSH services to gain root access to the Linux shell, affectin...

Multiple SONY network cameras vulnerable to sensitive information disclosure

Overview Multiple SONY network cameras contain a sensitive information disclosure vulnerability. SEC Consult reported this vulnerability to Sony, and Sony reported this vulnerability to JPCERT/CC to notify the solution to users through JVN. JPCERT/CC and Sony coordinated for the publication of th...

CVE-2013-3539

Cross-site request forgery CSRF vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for...

Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras

Overview The ActiveX Control for Sony SNC series network cameras contains a heap-based buffer overflow vulnerability. The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer...