CVE-2016-7834 Information

Description

SONY SNC-CH115 SNC-CH120 SNC-CH160 SNC-CH220 SNC-CH260 SNC-DH120 SNC-DH120T SNC-DH160 SNC-DH220 SNC-DH220T SNC-DH260 SNC-EB520 SNC-EM520 SNC-EM521 SNC-ZB550 SNC-ZM550 SNC-ZM551 SNC-EP550 SNC-EP580 SNC-ER550 SNC-ER550C SNC-ER580 SNC-ER585 SNC-ER585H SNC-ZP550 SNC-ZR550 SNC-EP520 SNC-EP521 SNC-ER520 SNC-ER521 SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600 SNC-CX600W SNC-EB600 SNC-EB600B SNC-EB602R SNC-EB630 SNC-EB630B SNC-EB632R SNC-EM600 SNC-EM601 SNC-EM602R SNC-EM602RC SNC-EM630 SNC-EM631 SNC-EM632R SNC-EM632RC SNC-VB600 SNC-VB600B SNC-VB600B5 SNC-VB630 SNC-VB6305 SNC-VB6307 SNC-VB632D SNC-VB635 SNC-VM600 SNC-VM600B SNC-VM600B5 SNC-VM601 SNC-VM601B SNC-VM602R SNC-VM630 SNC-VM6305 SNC-VM6307 SNC-VM631 SNC-VM632R SNC-WR600 SNC-WR602 SNC-WR602C SNC-WR630 SNC-WR632 SNC-WR632C SNC-XM631 SNC-XM632 SNC-XM636 SNC-XM637 SNC-VB600L SNC-VM600L SNC-XM631L SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://jvn.jp/en/vu/JVNVU96435227/index.html https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8