AVer Information EH6108H+ Authentication Bypass / Inforation Exposure

2016-09-29T00:00:00
ID 1337DAY-ID-24942
Type zdt
Reporter Travis Lee
Modified 2016-09-29T00:00:00

Description

AVer Information EH6108H+ hybrid DVR suffers from authentication bypass, hard-coded credential, and information exposure vulnerabilities.

                                        
                                            AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities

https://www.kb.cert.org/vuls/id/667480

 

 

Overview:

AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly
earlier, reportedly contains multiple vulnerabilities, including
undocumented privileged accounts, authentication bypass, and information
exposure.

 

Description:

AVer Information EH6108H+ hybrid DVR is an IP security camera management
system and streaming video recorder. Version X9.03.24.00.07l and possibly
earlier are reported to contain multiple vulnerabilities.

 

CWE-798: Use of Hard-coded Credentials - CVE-2016-6535

 

AVer Information EH6108H+ reportedly contains two undocumented, hard-coded
account credentials. Both accounts have root privileges and may be used to
gain access via an undocumented telnet service that cannot be disabled
through the web user interface and runs by default.

 

CWE-302: Authentication Bypass by Assumed-Immutable Data - CVE-2016-6536

 

By guessing the handle parameter of the /setup page of the web interface, an
unauthenticated attacker reportedly may be able to access restricted pages
and alter DVR configurations or change user passwords.

 

CWE-200: Information Exposure - CVE-2016-6537

 

User credentials are reported to be stored and transmitted in an insecure
manner. In the configuration page of the web interface, passwords are stored
in base64-encoded strings. In client requests, credentials are listed in
plain text in the cookie header.

 

For more information, refer to the researcher's disclosure.
(https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-
and-more)

 

Impact:

A remote, unauthenticated attacker may be able to gain access with root
privileges to completely compromise vulnerable devices.

 

Solution:

The CERT/CC is currently unaware of a practical solution to this problem and
recommends the following workaround.

Restrict access

 

As a general good security practice, only allow connections from trusted
hosts and networks.

 

References:

http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/

https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a
nd-more

https://cwe.mitre.org/data/definitions/798.html

https://cwe.mitre.org/data/definitions/302.html

https://cwe.mitre.org/data/definitions/200.html

#  0day.today [2018-03-01]  #