Details of VAR-201602-0185

ID

VAR-201602-0185

CVE

CVE-2015-8287

TITLE

Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password

Trust: 0.8

sources: CERT/CC: VU#923388

DESCRIPTION

Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL. Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Supplementary information : CWE Vulnerability type by CWE-288: Authentication Bypass Using an Alternate Path or Channel ( Avoid authentication through different paths and channels ) Has been identified. https://cwe.mitre.org/data/definitions/288.htmlUnspecified by a third party URL By accessing, you may be able to view live video. Swann SRNVW-470LCD and SWNVW-470CAM are both wireless high-definition monitoring systems of Swann Company in Australia. The system offers built-in infrared filter for night vision, storage of images to Micro SD card and other functions

Trust: 2.43

sources: NVD: CVE-2015-8287 // CERT/CC: VU#923388 // JVNDB: JVNDB-2015-006992 // VULHUB: VHN-86248

AFFECTED PRODUCTS

vendor:	swann	model:	srnvw-470lcd	scope:	lte	version:	0114	Trust: 1.0
vendor:	swann	model:	swnvw-470cam	scope:	lte	version:	1022	Trust: 1.0
vendor:	swann	model:	nvw-470cam	scope:	-	version:	-	Trust: 0.8
vendor:	swann	model:	nvw-470cam	scope:	lte	version:	1022	Trust: 0.8
vendor:	swann	model:	nvw-470lcd	scope:	-	version:	-	Trust: 0.8
vendor:	swann	model:	nvw-470lcd	scope:	lte	version:	0114	Trust: 0.8
vendor:	swann	model:	srnvw-470lcd	scope:	eq	version:	-	Trust: 0.6
vendor:	swann	model:	swnvw-470cam	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2015-006992 // CNNVD: CNNVD-201602-350 // NVD: CVE-2015-8287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8287
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-8287
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201602-350
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-86248
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-8287
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-86248
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-8287
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-86248 // JVNDB: JVNDB-2015-006992 // CNNVD: CNNVD-201602-350 // NVD: CVE-2015-8287

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-006992 // NVD: CVE-2015-8287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-350

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201602-350

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006992

PATCH

title:

SWNVW-470KIT

url:

http://www.swann.com/us/swnvw-470kit

Trust: 0.8

sources: JVNDB: JVNDB-2015-006992

EXTERNAL IDS

db:	CERT/CC	id:	VU#923388	Trust: 3.3
db:	NVD	id:	CVE-2015-8287	Trust: 2.5
db:	JVN	id:	JVNVU99656630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006992	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-350	Trust: 0.7
db:	VULHUB	id:	VHN-86248	Trust: 0.1

sources: CERT/CC: VU#923388 // VULHUB: VHN-86248 // JVNDB: JVNDB-2015-006992 // CNNVD: CNNVD-201602-350 // NVD: CVE-2015-8287

REFERENCES

url:	http://www.kb.cert.org/vuls/id/923388	Trust: 2.5
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8287	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu99656630	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8287	Trust: 0.8
url:	http://console-cowboys.blogspot.jp/2013/01/swann-song-dvr-insecurity.html	Trust: 0.8

sources: CERT/CC: VU#923388 // VULHUB: VHN-86248 // JVNDB: JVNDB-2015-006992 // CNNVD: CNNVD-201602-350 // NVD: CVE-2015-8287

SOURCES

db:	CERT/CC	id:	VU#923388
db:	VULHUB	id:	VHN-86248
db:	JVNDB	id:	JVNDB-2015-006992
db:	CNNVD	id:	CNNVD-201602-350
db:	NVD	id:	CVE-2015-8287

LAST UPDATE DATE

2025-04-12T23:22:10.447000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#923388	date:	2016-02-17T00:00:00
db:	VULHUB	id:	VHN-86248	date:	2016-03-17T00:00:00
db:	JVNDB	id:	JVNDB-2015-006992	date:	2016-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201602-350	date:	2016-02-19T00:00:00
db:	NVD	id:	CVE-2015-8287	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#923388	date:	2016-02-17T00:00:00
db:	VULHUB	id:	VHN-86248	date:	2016-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-006992	date:	2016-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201602-350	date:	2016-02-19T00:00:00
db:	NVD	id:	CVE-2015-8287	date:	2016-02-18T05:59:01.233