Details of VAR-201708-0323

ID

VAR-201708-0323

CVE

CVE-2015-4464

TITLE

Kguard Digital Video Recorder 104 and 108 Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007803

DESCRIPTION

Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. Kguard Digital Video Recorder 104 and 108 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Kguard Digital Video Recorder (DVR) is a digital hard disk recorder from Kguard. There is a command injection vulnerability in Kguard Digital Video Recorder. An attacker could exploit this vulnerability to execute arbitrary commands in the context of an affected application. KguardDVR has security bypass, information disclosure, denial of service, and command injection vulnerabilities. An information-disclosure vulnerability 3. Multiple denial-of-service vulnerability 4

Trust: 4.68

sources: NVD: CVE-2015-4464 // JVNDB: JVNDB-2015-007803 // CNVD: CNVD-2015-04359 // CNVD: CNVD-2017-29428 // CNVD: CNVD-2015-04360 // CNVD: CNVD-2015-04368 // CNVD: CNVD-2015-04361 // BID: 73032 // VULHUB: VHN-82425

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 3.0

sources: CNVD: CNVD-2015-04359 // CNVD: CNVD-2017-29428 // CNVD: CNVD-2015-04360 // CNVD: CNVD-2015-04368 // CNVD: CNVD-2015-04361

AFFECTED PRODUCTS

vendor:	kguard	model:	digital video recorder	scope:	-	version:	-	Trust: 2.4
vendor:	kguardsecurity	model:	kg-sha104	scope:	eq	version:	2.0	Trust: 1.6
vendor:	kguardsecurity	model:	kg-sha108	scope:	eq	version:	2.0	Trust: 1.6
vendor:	kguard security	model:	kg-sha104	scope:	eq	version:	2	Trust: 0.8
vendor:	kguard security	model:	kg-sha108	scope:	eq	version:	2	Trust: 0.8
vendor:	kguard	model:	digital video recorder	scope:	eq	version:	1042.0	Trust: 0.6
vendor:	kguard	model:	digital video recorder108	scope:	eq	version:	2.0	Trust: 0.6

sources: CNVD: CNVD-2015-04359 // CNVD: CNVD-2017-29428 // CNVD: CNVD-2015-04360 // CNVD: CNVD-2015-04368 // CNVD: CNVD-2015-04361 // JVNDB: JVNDB-2015-007803 // CNNVD: CNNVD-201507-141 // NVD: CVE-2015-4464

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4464
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2015-4464
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2015-04359
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2017-29428
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2015-04360
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2015-04368
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2015-04361
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201507-141
value:	HIGH
Trust: 0.6
VULHUB:	VHN-82425
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-4464
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04359
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2017-29428
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2015-04360
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2015-04368
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2015-04361
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82425
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-4464
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2015-04359 // CNVD: CNVD-2017-29428 // CNVD: CNVD-2015-04360 // CNVD: CNVD-2015-04368 // CNVD: CNVD-2015-04361 // VULHUB: VHN-82425 // JVNDB: JVNDB-2015-007803 // CNNVD: CNNVD-201507-141 // NVD: CVE-2015-4464

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-82425 // JVNDB: JVNDB-2015-007803 // NVD: CVE-2015-4464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-141

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201507-141

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007803

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-82425

EXTERNAL IDS

db:	BID	id:	73032	Trust: 5.0
db:	NVD	id:	CVE-2015-4464	Trust: 3.4
db:	PACKETSTORM	id:	132437	Trust: 2.5
db:	JVNDB	id:	JVNDB-2015-007803	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-141	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04359	Trust: 0.6
db:	CNVD	id:	CNVD-2017-29428	Trust: 0.6
db:	CNVD	id:	CNVD-2015-04360	Trust: 0.6
db:	CNVD	id:	CNVD-2015-04368	Trust: 0.6
db:	CNVD	id:	CNVD-2015-04361	Trust: 0.6
db:	VULHUB	id:	VHN-82425	Trust: 0.1

sources: CNVD: CNVD-2015-04359 // CNVD: CNVD-2017-29428 // CNVD: CNVD-2015-04360 // CNVD: CNVD-2015-04368 // CNVD: CNVD-2015-04361 // VULHUB: VHN-82425 // BID: 73032 // JVNDB: JVNDB-2015-007803 // CNNVD: CNNVD-201507-141 // NVD: CVE-2015-4464

REFERENCES

url:	http://www.securityfocus.com/bid/73032	Trust: 4.7
url:	http://packetstormsecurity.com/files/132437/kguard-digital-video-recorder-bypass-issues.html	Trust: 2.5
url:	https://www.academia.edu/11677554/kguard_digital_video_recorders_multiple_vulnerabilities	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/535822/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4464	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4464	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/535822/100/0/threaded	Trust: 0.6
url:	http://seclists.org/bugtraq/2015/mar/34	Trust: 0.3
url:	http://seclists.org/bugtraq/2015/jun/117	Trust: 0.3
url:	http://us.kworld-global.com/main/prod_in.aspx?mnuid=1306&modid=10&prodid=527&flag=1	Trust: 0.3

sources: CNVD: CNVD-2015-04359 // CNVD: CNVD-2017-29428 // CNVD: CNVD-2015-04360 // CNVD: CNVD-2015-04368 // CNVD: CNVD-2015-04361 // VULHUB: VHN-82425 // BID: 73032 // JVNDB: JVNDB-2015-007803 // CNNVD: CNNVD-201507-141 // NVD: CVE-2015-4464

CREDITS

Federick Joe P Fajardo

Trust: 0.9

sources: BID: 73032 // CNNVD: CNNVD-201507-141

SOURCES

db:	CNVD	id:	CNVD-2015-04359
db:	CNVD	id:	CNVD-2017-29428
db:	CNVD	id:	CNVD-2015-04360
db:	CNVD	id:	CNVD-2015-04368
db:	CNVD	id:	CNVD-2015-04361
db:	VULHUB	id:	VHN-82425
db:	BID	id:	73032
db:	JVNDB	id:	JVNDB-2015-007803
db:	CNNVD	id:	CNNVD-201507-141
db:	NVD	id:	CVE-2015-4464

LAST UPDATE DATE

2025-04-20T23:24:55.476000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04359	date:	2015-07-09T00:00:00
db:	CNVD	id:	CNVD-2017-29428	date:	2017-10-10T00:00:00
db:	CNVD	id:	CNVD-2015-04360	date:	2015-07-09T00:00:00
db:	CNVD	id:	CNVD-2015-04368	date:	2015-07-09T00:00:00
db:	CNVD	id:	CNVD-2015-04361	date:	2015-07-09T00:00:00
db:	VULHUB	id:	VHN-82425	date:	2018-10-09T00:00:00
db:	BID	id:	73032	date:	2015-07-15T00:45:00
db:	JVNDB	id:	JVNDB-2015-007803	date:	2017-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201507-141	date:	2017-08-23T00:00:00
db:	NVD	id:	CVE-2015-4464	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04359	date:	2015-07-09T00:00:00
db:	CNVD	id:	CNVD-2017-29428	date:	2017-10-10T00:00:00
db:	CNVD	id:	CNVD-2015-04360	date:	2015-07-09T00:00:00
db:	CNVD	id:	CNVD-2015-04368	date:	2015-07-09T00:00:00
db:	CNVD	id:	CNVD-2015-04361	date:	2015-07-09T00:00:00
db:	VULHUB	id:	VHN-82425	date:	2017-08-18T00:00:00
db:	BID	id:	73032	date:	2015-03-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-007803	date:	2017-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201507-141	date:	2015-03-10T00:00:00
db:	NVD	id:	CVE-2015-4464	date:	2017-08-18T18:29:01