ID

VAR-201706-0071


CVE

CVE-2016-7830


TITLE

Multiple SONY Videoconference Systems do not properly perform authentication

Trust: 0.8

sources: JVNDB: JVNDB-2016-000246

DESCRIPTION

Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware versions prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.

Multiple SONY Videoconference Systems have a default user account which does not require authentication to log in to a device (CWE-306). This user account has the privilege to view some of the system configuration files. As a result, an attacker may manipulate the device with administrative privileges. The telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can log in to the device.

Another user in the same subnetwork may log in to the device. As a result, that user may manipulate the device with administrative privileges.

Sony PCS-XG100 and so on are Sony's network camera products. An authentication vulnerability exists in several Sony products. An attacker could exploit the vulnerability to bypass authentication and perform administrator actions. Sony PCS-XG100, etc. The following products and versions are affected: PCS-XG100 with firmware version earlier than 1.51; PCS-XG100S with firmware version earlier than 1.51; PCS-XG100C with firmware version earlier than 1.51; PCS-XG77 with firmware version earlier than 1.51; PCS-XG77S with firmware version earlier than 1.51; PCS-XG77C with firmware version earlier than 1.51; PCS-XC1 with firmware version earlier than 1.22.

Trust: 2.25

sources: NVD: CVE-2016-7830 // JVNDB: JVNDB-2016-000246 // CNVD: CNVD-2017-14141 // VULHUB: VHN-96650

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-14141

AFFECTED PRODUCTS

vendor: sony, model: pcs-xg77, scope: eq, version: 1.50

Trust: 1.6

vendor: sony, model: pcs-xg100, scope: eq, version: 1.50

Trust: 1.6

vendor: sony, model: pcs-xg100, scope: eq, version: 1.42

Trust: 1.6

vendor: sony, model: pcs-xg77, scope: eq, version: 1.42

Trust: 1.6

vendor: sony, model: pcs-xc1, scope: -, version: -

Trust: 1.4

vendor: sony, model: pcs-xg77s, scope: -, version: -

Trust: 1.4

vendor: sony, model: pcs-xg77, scope: -, version: -

Trust: 1.4

vendor: sony, model: pcs-xg100s, scope: -, version: -

Trust: 1.4

vendor: sony, model: pcs-xg100, scope: -, version: -

Trust: 1.4

vendor: sony, model: pcs-xc1, scope: lte, version: 1.21

Trust: 1.0

vendor: sony, model: pcs-xc1, scope: eq, version: 1.21

Trust: 0.6

sources: CNVD: CNVD-2017-14141 // JVNDB: JVNDB-2016-000246 // CNNVD: CNNVD-201706-354 // NVD: CVE-2016-7830

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7830
value: HIGH

Trust: 1.0

IPA: JVNDB-2016-000246
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-14141
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-354
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96650
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7830
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000246
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-14141
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-96650
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7830
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000246
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-14141 // VULHUB: VHN-96650 // JVNDB: JVNDB-2016-000246 // CNNVD: CNNVD-201706-354 // NVD: CVE-2016-7830

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-287

Trust: 0.8

sources: VULHUB: VHN-96650 // JVNDB: JVNDB-2016-000246 // NVD: CVE-2016-7830

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201706-354

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201706-354

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000246

PATCH

title: Notice regarding Video conference Network Security Enhancement
url: http://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf

Trust: 0.8

title: Software: PCS-XG100/XG77 V1.51.20 & PCS-XC1 V1.22.20
url: https://www.sony.co.uk/pro/support/software/SET_160510_PSG/1

Trust: 0.8

title: Patches for multiple Sony product authentication vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/97891

Trust: 0.6

title: Multiple Sony Product security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70859

Trust: 0.6

sources: CNVD: CNVD-2017-14141 // JVNDB: JVNDB-2016-000246 // CNNVD: CNNVD-201706-354

EXTERNAL IDS

db: NVD, id: CVE-2016-7830

Trust: 3.1

db: JVN, id: JVN42070907

Trust: 3.1

db: JVNDB, id: JVNDB-2016-000246

Trust: 0.8

db: CNNVD, id: CNNVD-201706-354

Trust: 0.7

db: CNVD, id: CNVD-2017-14141

Trust: 0.6

db: VULHUB, id: VHN-96650

Trust: 0.1

sources: CNVD: CNVD-2017-14141 // VULHUB: VHN-96650 // JVNDB: JVNDB-2016-000246 // CNNVD: CNNVD-201706-354 // NVD: CVE-2016-7830

REFERENCES

url:https://jvn.jp/en/jp/jvn42070907/index.html

Trust: 3.1

url:https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7830

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-7830

Trust: 0.8

sources: CNVD: CNVD-2017-14141 // VULHUB: VHN-96650 // JVNDB: JVNDB-2016-000246 // CNNVD: CNNVD-201706-354 // NVD: CVE-2016-7830

SOURCES

db: CNVD, id: CNVD-2017-14141
db: VULHUB, id: VHN-96650
db: JVNDB, id: JVNDB-2016-000246
db: CNNVD, id: CNNVD-201706-354
db: NVD, id: CVE-2016-7830

LAST UPDATE DATE

2025-04-20T23:42:13.018000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-14141, date: 2017-07-13T00:00:00
db: VULHUB, id: VHN-96650, date: 2017-06-22T00:00:00
db: JVNDB, id: JVNDB-2016-000246, date: 2018-01-17T00:00:00
db: CNNVD, id: CNNVD-201706-354, date: 2017-06-12T00:00:00
db: NVD, id: CVE-2016-7830, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-14141, date: 2017-07-13T00:00:00
db: VULHUB, id: VHN-96650, date: 2017-06-09T00:00:00
db: JVNDB, id: JVNDB-2016-000246, date: 2016-12-16T00:00:00
db: CNNVD, id: CNNVD-201706-354, date: 2017-06-12T00:00:00
db: NVD, id: CVE-2016-7830, date: 2017-06-09T16:29:01.080