Tagged: database

VU#923388: Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password

Original Release date: 17 Feb 2016 | Last revised: 17 Feb 2016

Overview: Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs.

Description: CWE-259: Use of Hard-coded Password – CVE-2015-8286. According to the researcher, the Swann SRNVW-470LCD and Swann SWNVW-470CAM contain hard-coded passwords allowing administrative or root access.

VU#899080: Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials

Original Release date: 17 Feb 2016 | Last revised: 18 Feb 2016

Overview: Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password.

Description: CWE-259: Use of Hard-coded Password – CVE-2015-8286. According to the reporter, DVR devices based on the Zhuhai RaySharp firmware contain a hard-coded root password

VU#507216: Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default

Original Release date: 16 Feb 2016 | Last revised: 16 Feb 2016

Overview: Hirschmann “Classic Platform” switches contain a password sync feature that syncs the switch administrator password with the SNMP community password, exposing the administrator password to attackers on the local network.

Description: CWE-257: Storing Passwords in a Recoverable Format. For all Hirschmann (part of Belden) “Classic Platform” switches (which includes the MACH series workgroup switches, among others), by default, the switch administrator password is used to construct an SNMP community string that allows remote management of some switch configuration

VU#327976: Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability

Original Release date: 11 Feb 2016 | Last revised: 11 Feb 2016

Overview: Cisco Adaptive Security Appliance (ASA) Internet Key Exchange versions 1 and 2 (IKEv1 and IKEv2) contains a buffer overflow vulnerability that may be leveraged to gain remote code execution.

Description: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer – CVE-2016-1287. According to the advisory by Exodus Intelligence: The algorithm for re-assembling IKE payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data. A sequence of payloads with carefully chosen parameters causes a buffer of insufficient size to be allocated in the heap which is then overflowed when fragment payloads are copied into the buffer

VU#305096: Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium

Original Release date: 04 Feb 2016 | Last revised: 05 Feb 2016

Overview: Comodo Chromodo browser, version 45.8.12.391, and possibly earlier, bundles the Ad Sanitizer extension, version 1.4.0.26, which disables same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities

VU#544527: OpenELEC and RasPlex have a hard-coded SSH root password

Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016

Overview: OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default.

Description: CWE-259: Use of Hard-coded Password. OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password once installed; furthermore, SSH access is enabled by default

VU#719736: Fisher-Price Smart Toy platform allows some unauthenticated web API commands

Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016

Overview: The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android.

Description: The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy

VU#972224: Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries

Original Release date: 01 Feb 2016 | Last revised: 01 Feb 2016

Overview: Huawei Mobile WiFi E5151, firmware version 21.141.13.00.1080, and E5186, firmware version V200R001B306D01C00, use insufficiently random values for DNS queries and are vulnerable to DNS spoofing attacks.

Description: CWE-330: Use of Insufficiently Random Values – CVE-2015-8265. Huawei Mobile WiFi E5151 and E5186 routers use static source ports for all DNS queries originating from the local area network (LAN).