PT-2021-7804 · Unknown · Siveillance Video Open Network Bridge

Published: 2021-04-13 · Updated: 2022-04-25 · CVE-2021-27392

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Siveillance Video Open Network Bridge versions 2018 R2 through 2020 R3

Description

A vulnerability has been identified in Siveillance Video Open Network Bridge. Affected Open Network Bridges use a hard-coded key to store the user credentials for authentication between ONVIF clients and the ONVIF server. The encrypted credentials can be retrieved via the MIP SDK, allowing an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server. The issue stems from the use of a hard-coded cryptographic key in the software.

Recommendations

For Siveillance Video Open Network Bridge versions 2018 R2 through 2020 R3, consider disabling the storage of user credentials for ONVIF authentication until a patch is available. Restrict access to the MIP SDK to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2023-02956
CVE-2021-27392

Affected Products

Siveillance Video Open Network Bridge