Sign-up

ID

VAR-201612-0635


TITLE

Many Sony IPELA ENGINE IP Cameras have backdoor vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2016-11973

DESCRIPTION

SNC-CH115, SNC-CH120, SNC-CH160, etc. are Sony’s IP camera products. Many Sony IPELA ENGINE IP Cameras have backdoor vulnerabilities. Remote attackers can use the vulnerabilities to use Telnet/SSH services for remote management, thereby gaining root privileges of the Linux shell, affecting camera image quality and other functions.

Trust: 0.6

sources: CNVD: CNVD-2016-11973

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11973

AFFECTED PRODUCTS

vendor:sonymodel:ipela engine ip cameras snc-vb600scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-ch115scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-ch120scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-ch160scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-ch220scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-ch260scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-cx600scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-cx600wscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-dh120scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-dh120tscope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-dh160scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-dh220scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-dh220tscope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-dh260scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-eb520scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-eb600scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-eb600bscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-eb602rscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-eb630scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-eb630bscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-eb632rscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em520scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em521scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em600scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em601scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em602rscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em602rcscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em630scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em631scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em632rscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-em632rcscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-ep520scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-ep521scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-ep550scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-ep580scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-er520scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-er521scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-er521cscope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-er550scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-er550cscope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-er580scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-er585scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-er585hscope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vb600bscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vb600b5scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vb600lscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vb630scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vb6305scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vb6307scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vb632dscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vb635scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm600scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm600bscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm600b5scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm600lscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm601scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm601bscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm602rscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm630scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm6305scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm6307scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm631scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-vm632rscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-wr600scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-wr602scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-wr602cscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-wr602clscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-wr630scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-wr632scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-wr632cscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-xm631scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-xm631lscope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-xm632scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-xm636scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-xm637scope:ltversion:2.7.2

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-zb550scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-zm550scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-zm551scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-zp550scope:ltversion:1.86.00

Trust: 0.6

vendor:sonymodel:ipela engine ip cameras snc-zr550scope:ltversion:1.86.00

Trust: 0.6

sources: CNVD: CNVD-2016-11973

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-11973
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-11973
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-11973

PATCH

title:Patch for Many Sony IPELA ENGINE IP Cameras have backdoor vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/85262

Trust: 0.6

sources: CNVD: CNVD-2016-11973

EXTERNAL IDS

db:CNVDid:CNVD-2016-11973

Trust: 0.6

sources: CNVD: CNVD-2016-11973

REFERENCES

url:https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_sony_ipela_engine_ip_cameras_backdoors_v10.txt

Trust: 0.6

sources: CNVD: CNVD-2016-11973

SOURCES

db:CNVDid:CNVD-2016-11973

LAST UPDATE DATE

2022-05-04T10:04:51.947000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11973date:2020-03-10T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11973date:2016-12-07T00:00:00