{"vuid":"VU#899080","idnumber":"899080","name":"Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials","keywords":["dvr","hardcoded","password","CWE-259","supply chain"],"overview":"Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password.","clean_desc":"CWE-259: Use of Hard-coded Password - CVE-2015-8286 According to the reporter, DVR devices based on the Zhuhai RaySharp firmware contain a hard-coded root password. Remote attackers with knowledge of the password may gain root access to the device. Furthermore, it was previously reported publicly that many of these devices enable remote access via telnet or port 9000 by default. The CERT/CC has not been able to confirm this information directly with Zhuhai RaySharp. The Vendor List below provides more information on each manufacturer that was reported to be vulnerable. The reporter, Risk Based Security, has provided security advisory RBS-2016-001 with more information.","impact":"An unauthenticated remote attacker may gain root access to the device.","resolution":"Apply an update if possible Some vendors have released updated firmware to address this issue. Please contact your device manufacturer for more information. The Vendor List below provides more information on each manufacturer that was reported to be vulnerable. If your vendor does not have an updated firmware available at this time, you may consider the following mitigations:","workarounds":"Restrict network access Use a firewall or similar technology to restrict access to trusted hosts, networks, and services.","sysaffected":"","thanks":"Thanks to Carsten Eiram of Risk Based Security for reporting these vulnerabilities.","author":"This document was written by Garret Wassermann.","public":["https://www.riskbasedsecurity.com/research/RBS-2016-001.pdf","http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/","http://seclists.org/bugtraq/2015/Jun/117","http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"],"cveids":["CVE-2015-8286"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-09-08T12:17:13Z","publicdate":"2016-02-17T00:00:00Z","datefirstpublished":"2016-02-17T21:14:32Z","dateupdated":"2016-02-19T19:49:22Z","revision":71,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UR","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.5","cvss_environmentalscore":"6.4089697392","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}