Sign-up

ID

VAR-201609-0103


CVE

CVE-2016-6537


TITLE

AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#667480

DESCRIPTION

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings. AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure. AVerInformationEH6108H+hybridDVRVU is a DVR product from AVerInformation. AVerInformationEH6108H+hybridDVR has an information disclosure vulnerability. Attackers can exploit vulnerabilities to obtain sensitive information. A hard coded credentials vulnerability. 2. 3. AVer Information EH6108H+ X9.03.24.00.07l and prior are vulnerable. Version X9.03.24.00.07l and possibly earlier are reported to contain multiple vulnerabilities. Both accounts have root privileges and may be used to gain access via an undocumented telnet service that cannot be disabled through the web user interface and runs by default. CWE-302: Authentication Bypass by Assumed-Immutable Data - CVE-2016-6536 By guessing the handle parameter of the /setup page of the web interface, an unauthenticated attacker reportedly may be able to access restricted pages and alter DVR configurations or change user passwords. CWE-200: Information Exposure - CVE-2016-6537 User credentials are reported to be stored and transmitted in an insecure manner. In the configuration page of the web interface, passwords are stored in base64-encoded strings. In client requests, credentials are listed in plain text in the cookie header. Solution: The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround. Restrict access As a general good security practice, only allow connections from trusted hosts and networks. References: http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/ https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a nd-more https://cwe.mitre.org/data/definitions/798.html https://cwe.mitre.org/data/definitions/302.html https://cwe.mitre.org/data/definitions/200.html

Trust: 3.33

sources: NVD: CVE-2016-6537 // CERT/CC: VU#667480 // JVNDB: JVNDB-2016-004817 // CNVD: CNVD-2016-07572 // BID: 92936 // VULHUB: VHN-95357 // PACKETSTORM: 138875

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07572

AFFECTED PRODUCTS

vendor:avermodel:eh6108h\+scope:eqversion:x9.03.24.00.07l

Trust: 1.6

vendor:avermodel:information eh6108h+ hybrid dvr x9.03.24.00.07lscope: - version: -

Trust: 0.9

vendor:aver informationmodel: - scope: - version: -

Trust: 0.8

vendor:aver informationmodel:eh6108h+scope: - version: -

Trust: 0.8

vendor:aver informationmodel:eh6108h+scope:eqversion:x9.03.24.00.07l

Trust: 0.8

sources: CERT/CC: VU#667480 // CNVD: CNVD-2016-07572 // BID: 92936 // JVNDB: JVNDB-2016-004817 // CNNVD: CNNVD-201609-278 // NVD: CVE-2016-6537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6537
value: HIGH

Trust: 1.0

NVD: CVE-2016-6537
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-07572
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201609-278
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95357
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6537
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-07572
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95357
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6537
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-07572 // VULHUB: VHN-95357 // JVNDB: JVNDB-2016-004817 // CNNVD: CNNVD-201609-278 // NVD: CVE-2016-6537

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-95357 // JVNDB: JVNDB-2016-004817 // NVD: CVE-2016-6537

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-278

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201609-278

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004817

PATCH
title:EH6108H Series - NVRs and Surveillance Softwareurl:http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-004817

EXTERNAL IDS
db:CERT/CCid:VU#667480
Trust: 4.3
db:NVDid:CVE-2016-6537
Trust: 3.5
db:BIDid:92936
Trust: 2.6
db:JVNid:JVNVU95660277
Trust: 0.8
db:JVNDBid:JVNDB-2016-004817
Trust: 0.8
db:CNNVDid:CNNVD-201609-278
Trust: 0.7
db:CNVDid:CNVD-2016-07572
Trust: 0.6
db:VULHUBid:VHN-95357
Trust: 0.1
db:PACKETSTORMid:138875
Trust: 0.1
sources:
            
            
            CERT/CC: VU#667480 // 
            
            
            
            CNVD: CNVD-2016-07572 // 
            
            
            
            VULHUB: VHN-95357 // 
            
            
            
            BID: 92936 // 
            
            
            
            JVNDB: JVNDB-2016-004817 // 
            
            
            
            PACKETSTORM: 138875 // 
            
            
            
            CNNVD: CNNVD-201609-278 // 
            
            
            
            NVD: CVE-2016-6537

REFERENCES
url:http://www.kb.cert.org/vuls/id/667480
Trust: 3.5
url:http://www.securityfocus.com/bid/92936
Trust: 2.3
url:https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-and-more
Trust: 1.6
url:http://surveillance.aver.com/model/embedded-hybrid-dvr-eh6108h-plus/
Trust: 0.9
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.9
url:https://cwe.mitre.org/data/definitions/302.html
Trust: 0.9
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6537
Trust: 0.8
url:http://jvn.jp/vu/jvnvu95660277/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6537
Trust: 0.8
url:http://news.softpedia.com/news/here-s-another-vulnerable-dvr-system-ready-to-become-a-ddos-botnet-508298.shtml
Trust: 0.6
url:http://surveillance.aver.com/model/embedded-hybrid-dvr-eh6108h-plus
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-6537
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-6535
Trust: 0.1
url:https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-6536
Trust: 0.1
url:https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-
Trust: 0.1
sources:
            
            
            CERT/CC: VU#667480 // 
            
            
            
            CNVD: CNVD-2016-07572 // 
            
            
            
            VULHUB: VHN-95357 // 
            
            
            
            BID: 92936 // 
            
            
            
            JVNDB: JVNDB-2016-004817 // 
            
            
            
            PACKETSTORM: 138875 // 
            
            
            
            CNNVD: CNNVD-201609-278 // 
            
            
            
            NVD: CVE-2016-6537

CREDITS
Travis Lee
Trust: 1.0
sources:
            
            
            BID: 92936 // 
            
            
            
            PACKETSTORM: 138875 // 
            
            
            
            CNNVD: CNNVD-201609-278

SOURCES
db:CERT/CCid:VU#667480
db:CNVDid:CNVD-2016-07572
db:VULHUBid:VHN-95357
db:BIDid:92936
db:JVNDBid:JVNDB-2016-004817
db:PACKETSTORMid:138875
db:CNNVDid:CNNVD-201609-278
db:NVDid:CVE-2016-6537

LAST UPDATE DATE
2025-04-13T23:23:35.285000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#667480date:2016-09-22T00:00:00
db:CNVDid:CNVD-2016-07572date:2016-09-18T00:00:00
db:VULHUBid:VHN-95357date:2016-11-28T00:00:00
db:BIDid:92936date:2016-09-13T00:00:00
db:JVNDBid:JVNDB-2016-004817date:2016-09-26T00:00:00
db:CNNVDid:CNNVD-201609-278date:2016-09-19T00:00:00
db:NVDid:CVE-2016-6537date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#667480date:2016-09-13T00:00:00
db:CNVDid:CNVD-2016-07572date:2016-09-18T00:00:00
db:VULHUBid:VHN-95357date:2016-09-19T00:00:00
db:BIDid:92936date:2016-09-13T00:00:00
db:JVNDBid:JVNDB-2016-004817date:2016-09-26T00:00:00
db:PACKETSTORMid:138875date:2016-09-27T16:32:22
db:CNNVDid:CNNVD-201609-278date:2016-09-14T00:00:00
db:NVDid:CVE-2016-6537date:2016-09-19T01:59:09.383