PT-2017-9385 · Sony · Sony Snc-Zb550+45

Published

2017-04-13

·

Updated

2017-04-25

·

CVE-2016-7834

CVSS v3.1

8.8

High

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C versions prior to 1.86.00 SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL versions prior to 2.7.2
Description The affected network cameras are prone to sensitive information disclosure, allowing an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.
Recommendations For SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C versions prior to 1.86.00: Update the firmware to version 1.86.00 or later. For SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL versions prior to 2.7.2: Update the firmware to version 2.7.2 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-7834

Affected Products

Sony Snc-Ch115
Sony Snc-Ch120
Sony Snc-Ch160
Sony Snc-Ch220
Sony Snc-Ch260
Sony Snc-Cx600
Sony Snc-Dh120
Sony Snc-Dh220
Sony Snc-Eb520
Sony Snc-Eb600
Sony Snc-Eb602R
Sony Snc-Eb630
Sony Snc-Eb632R
Sony Snc-Em521
Sony Snc-Em601
Sony Snc-Em602R
Sony Snc-Em631
Sony Snc-Em632R
Sony Snc-Er521
Sony Snc-Ep550
Sony Snc-Ep580
Sony Snc-Er550
Sony Snc-Er585
Sony Snc-Vb600
Sony Snc-Vb600B
Sony Snc-Vb600B5
Sony Snc-Vb600L
Sony Snc-Vb630
Sony Snc-Vb6305
Sony Snc-Vb6307
Sony Snc-Vb632D
Sony Snc-Vb635
Sony Snc-Vm601
Sony Snc-Vm602R
Sony Snc-Vm631
Sony Snc-Vm632R
Sony Snc-Wr600
Sony Snc-Wr602
Sony Snc-Wr630
Sony Snc-Wr632
Sony Snc-Xm631
Sony Snc-Xm632
Sony Snc-Xm636
Sony Snc-Xm637
Sony Snc-Zb550
Sony Snc-Zm551