{"vuid":"VU#913000","idnumber":"913000","name":"Samsung SRN-1670D camera contains multiple vulnerabilities","keywords":["dvr","camera","xor"],"overview":"The Samsung SRN-1670D camera contains multiple vulnerabilities.","clean_desc":"CWE-264: Permissions, Privileges, and Access Controls - CVE-2015-8279 An undocumented PHP request may be used to read arbitrary files from the system. CWE-200: Information Exposure - CVE-2015-8280 The interface provides too many details in errors messages, which may allow an attacker to determine user credentials. CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2015-8281 The firmware filesystem uses a weak custom encryption scheme based only on simple XOR operations. Vendors should not attempt to implement their own cryptographic methods. According to the researchers, the Samsung SRN-1670D (Web Viewer Version 1,0,0,193, Date Created 2013.10.26) is affected; other Samsung SRN model cameras may be affected. This device appears to be manufactured by another company named Hanwha. More information can be found in the researchers' blog.","impact":"An unauthenticated remote attacker may access arbitrary files on the device, and learn user credentials.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem. Hanwha has stated that this model is no longer in production and will not receive any updates.","workarounds":"","sysaffected":"","thanks":"Thanks to Aristide Fattori, Luca Giancane and Roberto Paleari for reporting this vulnerability.","author":"This document was written by Garret Wassermann.","public":["h","t","t","p",":","/","/","b","l","o","g",".","e","m","a","z","e",".","n","e","t","/","2","0","1","6","/","0","1","/","m","u","l","t","i","p","l","e","-","v","u","l","n","e","r","a","b","i","l","i","t","i","e","s","-","s","a","m","s","u","n","g","-","s","r","n",".","h","t","m","l"],"cveids":["CVE-2015-8279","CVE-2015-8280","CVE-2015-8281 "],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-11-02T12:50:51Z","publicdate":"2016-01-11T00:00:00Z","datefirstpublished":"2016-01-12T16:59:02Z","dateupdated":"2016-01-25T16:56:44Z","revision":25,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UR","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.8","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:N/A:N","cvss_temporalscore":"6.7","cvss_environmentalscore":"4.9930226388","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}