19 matches found
EUVD-2016-7456
Malware in sbrugna...
AVer Information EH6108H+ Authentication Bypass / Inforation Exposure
Vulnerability Note VU667480 AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities https://www.kb.cert.org/vuls/id/667480 Overview: AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including...
CVE-2016-6537
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...
CVE-2016-6537
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...
CVE-2016-6536
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...
CVE-2016-6536
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...
CVE-2016-6535
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session...
Format string
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...
Design/Logic Flaw
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...
Hardcoded credentials
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session...
CVE-2016-6536
The CVE-2016-6536 issue affects AVer Information EH6108H+ hybrid DVRs (firmware X9.03.24.00.07l and possibly earlier). The vulnerability enables remote attackers to bypass page-access restrictions or modify passwords by guessing the handle parameter value on the web interface /setup page, potenti...
CVE-2016-6536
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...
CVE-2016-6535
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session...
CVE-2016-6537
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...
CVE-2016-6537
The CVE-2016-6537 entry relates to AVer Information EH6108H+ devices (firmware X9.03.24.00.07l and possibly earlier) that store passwords in base64 and expose credentials in HTTP cookies, enabling information exposure. Connected sources corroborate multiple vulnerabilities in the EH6108H+ DVR: ha...
CVE-2016-6535
CVE-2016-6535 affects AVer Information EH6108H+ hybrid DVR (firmware X9.03.24.00.07l). The vulnerability arises from hard-coded accounts with root privileges, enabling remote attackers to obtain root access via a default TELNET service. CERT/CC notes multiple issues in the device, including authe...
AVer Information EH6108H+ hybrid DVR Information Disclosure Vulnerability
The AVer Information EH6108H+ hybrid DVR VU is a hard disk recorder DVR product from Round Show AVer Information. An information disclosure vulnerability exists in the AVer Information EH6108H+ hybrid DVR. An attacker can exploit the vulnerability to obtain sensitive information...
AVer Information EH6108H+ hybrid DVR VU Hardcoded Credentials Vulnerability Vulnerability
The AVer Information EH6108H+ hybrid DVR VU is a hard disk recorder DVR product from Round Show AVer Information. A hard-coded credentials vulnerability exists in the AVer Information EH6108H+ hybrid DVR VU. An attacker can exploit the vulnerability to gain root privileges...
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
Overview AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure. Description AVer Information EH6108H+ hybrid DVR is an IP securit...