Vulners
Lucene search
AVer Information EH6108H+ Authentication Bypass / Inforation Exposure
| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
 | AVer Information EH6108H+ hybrid DVR VU Hardcoded Credentials Vulnerability Vulnerability | 18 Sep 201600:00 | – | cnvd |
| AVer Information EH6108H+ hybrid DVR VU authentication bypass vulnerability | 18 Sep 201600:00 | – | cnvd |
| AVer Information EH6108H+ hybrid DVR Information Disclosure Vulnerability | 18 Sep 201600:00 | – | cnvd |
 | CVE-2016-6535 | 19 Sep 201601:00 | – | cve |
| CVE-2016-6536 | 19 Sep 201601:00 | – | cve |
| CVE-2016-6537 | 19 Sep 201601:00 | – | cve |
 | CVE-2016-6535 | 19 Sep 201601:00 | – | cvelist |
| CVE-2016-6536 | 19 Sep 201601:00 | – | cvelist |
| CVE-2016-6537 | 19 Sep 201601:00 | – | cvelist |
 | EUVD-2016-7456 | 7 Oct 202500:30 | – | euvd |
10
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/667480
Overview:
AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly
earlier, reportedly contains multiple vulnerabilities, including
undocumented privileged accounts, authentication bypass, and information
exposure.
Description:
AVer Information EH6108H+ hybrid DVR is an IP security camera management
system and streaming video recorder. Version X9.03.24.00.07l and possibly
earlier are reported to contain multiple vulnerabilities.
CWE-798: Use of Hard-coded Credentials - CVE-2016-6535
AVer Information EH6108H+ reportedly contains two undocumented, hard-coded
account credentials. Both accounts have root privileges and may be used to
gain access via an undocumented telnet service that cannot be disabled
through the web user interface and runs by default.
CWE-302: Authentication Bypass by Assumed-Immutable Data - CVE-2016-6536
By guessing the handle parameter of the /setup page of the web interface, an
unauthenticated attacker reportedly may be able to access restricted pages
and alter DVR configurations or change user passwords.
CWE-200: Information Exposure - CVE-2016-6537
User credentials are reported to be stored and transmitted in an insecure
manner. In the configuration page of the web interface, passwords are stored
in base64-encoded strings. In client requests, credentials are listed in
plain text in the cookie header.
For more information, refer to the researcher's disclosure.
(https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-
and-more)
Impact:
A remote, unauthenticated attacker may be able to gain access with root
privileges to completely compromise vulnerable devices.
Solution:
The CERT/CC is currently unaware of a practical solution to this problem and
recommends the following workaround.
Restrict access
As a general good security practice, only allow connections from trusted
hosts and networks.
References:
http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/
https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a
nd-more
https://cwe.mitre.org/data/definitions/798.html
https://cwe.mitre.org/data/definitions/302.html
https://cwe.mitre.org/data/definitions/200.html
# 0day.today [2018-03-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 Sep 2016 00:00Current
8.9High risk
Vulners AI Score8.9
EPSS0.00802