Tagged: models

VU#923388: Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password

Vulnerability Note VU#923388
Original Release date: 17 Feb 2016 | Last revised: 17 Feb 2016

Overview: Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessed through specific URLs.

Description: CWE-259: Use of Hard-coded Password – CVE-2015-8286. According to the researcher, the Swann SRNVW-470LCD and Swann SWNVW-470CAM contain a hard-coded password allowing administrative or root access.

NSA/GCHQ Exploits Against Juniper Networking Equipment

The Intercept just published a 2011 GCHQ document outlining their exploit capabilities against Juniper networking equipment, including routers and NetScreen firewalls, as part of this article. GCHQ currently has capabilities against: Juniper NetScreen Firewalls models Ns5gt, N25, NS50, NS500, NS204, NS208, NS5200, NS5000, SSG5, SSG20, SSG140, ISG 1000, ISG 2000. Some reverse engineering may be required depending on firmware revisions.

VU#438928: Huawei HG532 routers contain a path traversal vulnerability

Vulnerability Note VU#438928
Original Release date: 06 Nov 2015 | Last revised: 06 Nov 2015

Overview: Huawei HG532 routers, including the HG532e, n, s, and possibly other models, are vulnerable to arbitrary file access through path traversal.

Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) – CVE-2015-7254. In vulnerable Huawei router models, the /icon/ path of requests to Internet-facing TCP port 37215 can be manipulated to gain access to arbitrary files. For instance, a remote, unauthenticated attacker could read the inittab file by directly requesting http:// :37215/icon/../../../etc/inittab

SB13-294: Vulnerability Summary for the Week of October 14, 2013

Original release date: October 21, 2013

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).

SB13-280: Vulnerability Summary for the Week of September 30, 2013

Original release date: October 07, 2013

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).