Sign-up

ID

VAR-201807-0051


CVE

CVE-2016-6553


TITLE

Nuuo NT-4040 firmware contains insecure default credentials

Trust: 0.8

sources: CERT/CC: VU#326395

DESCRIPTION

Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device. NUUO Titan NVR NT-4040 The common authentication information is set in. Nuuo NT-4040 Titan is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. NUUO NT-4040 Titan is a compatible stand-alone network video recorder from NUUO

Trust: 2.79

sources: NVD: CVE-2016-6553 // CERT/CC: VU#326395 // JVNDB: JVNDB-2016-005559 // BID: 93807 // VULHUB: VHN-95373 // VULMON: CVE-2016-6553

AFFECTED PRODUCTS

vendor:nuuomodel:nt-4040 titanscope:eqversion:nt-4040_01.07.0000.0015_1120

Trust: 1.6

vendor:nuuomodel: - scope: - version: -

Trust: 0.8

vendor:nuuomodel:nt-4040 titanscope: - version: -

Trust: 0.8

vendor:nuuomodel:nt-4040 titan nt-4040 01.07.0000.0scope: - version: -

Trust: 0.3

sources: CERT/CC: VU#326395 // BID: 93807 // JVNDB: JVNDB-2016-005559 // CNNVD: CNNVD-201610-694 // NVD: CVE-2016-6553

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6553
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6553
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2016-005559
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201610-694
value: CRITICAL

Trust: 0.6

VULHUB: VHN-95373
value: HIGH

Trust: 0.1

VULMON: CVE-2016-6553
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6553
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2016-6553
severity: MEDIUM
baseScore: 6.9
vectorString: NONE
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2016-005559
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-95373
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6553
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-005559
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CERT/CC: VU#326395 // VULHUB: VHN-95373 // VULMON: CVE-2016-6553 // JVNDB: JVNDB-2016-005559 // CNNVD: CNNVD-201610-694 // NVD: CVE-2016-6553

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-95373 // JVNDB: JVNDB-2016-005559 // NVD: CVE-2016-6553

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-694

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201610-694

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005559

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#326395

PATCH
title:NUUO Titan NVRurl:http://www.nuuo.com/ProductNode.php?stid=0001&node=1
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-005559

EXTERNAL IDS
db:CERT/CCid:VU#326395
Trust: 3.7
db:NVDid:CVE-2016-6553
Trust: 2.9
db:BIDid:93807
Trust: 2.1
db:JVNid:JVNVU97115817
Trust: 0.8
db:JVNDBid:JVNDB-2016-005559
Trust: 0.8
db:CNNVDid:CNNVD-201610-694
Trust: 0.7
db:VULHUBid:VHN-95373
Trust: 0.1
db:VULMONid:CVE-2016-6553
Trust: 0.1
sources:
            
            
            CERT/CC: VU#326395 // 
            
            
            
            VULHUB: VHN-95373 // 
            
            
            
            VULMON: CVE-2016-6553 // 
            
            
            
            BID: 93807 // 
            
            
            
            JVNDB: JVNDB-2016-005559 // 
            
            
            
            CNNVD: CNNVD-201610-694 // 
            
            
            
            NVD: CVE-2016-6553

REFERENCES
url:https://www.kb.cert.org/vuls/id/326395
Trust: 3.0
url:http://www.securityfocus.com/bid/93807
Trust: 1.9
url:https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
Trust: 1.6
url:http://cwe.mitre.org/data/definitions/255.html
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6553
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97115817/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-6553
Trust: 0.8
url:http://www.nuuo.com/
Trust: 0.3
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CERT/CC: VU#326395 // 
            
            
            
            VULHUB: VHN-95373 // 
            
            
            
            VULMON: CVE-2016-6553 // 
            
            
            
            BID: 93807 // 
            
            
            
            JVNDB: JVNDB-2016-005559 // 
            
            
            
            CNNVD: CNNVD-201610-694 // 
            
            
            
            NVD: CVE-2016-6553

CREDITS
Ory Segal and Ezra Caltum
Trust: 0.9
sources:
            
            
            BID: 93807 // 
            
            
            
            CNNVD: CNNVD-201610-694

SOURCES
db:CERT/CCid:VU#326395
db:VULHUBid:VHN-95373
db:VULMONid:CVE-2016-6553
db:BIDid:93807
db:JVNDBid:JVNDB-2016-005559
db:CNNVDid:CNNVD-201610-694
db:NVDid:CVE-2016-6553

LAST UPDATE DATE
2024-11-23T23:05:05.219000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#326395date:2016-12-13T00:00:00
db:VULHUBid:VHN-95373date:2019-10-09T00:00:00
db:VULMONid:CVE-2016-6553date:2019-10-09T00:00:00
db:BIDid:93807date:2016-10-26T00:17:00
db:JVNDBid:JVNDB-2016-005559date:2016-10-24T00:00:00
db:CNNVDid:CNNVD-201610-694date:2019-10-17T00:00:00
db:NVDid:CVE-2016-6553date:2024-11-21T02:56:20.557

SOURCES RELEASE DATE
db:CERT/CCid:VU#326395date:2016-10-20T00:00:00
db:VULHUBid:VHN-95373date:2018-07-13T00:00:00
db:VULMONid:CVE-2016-6553date:2018-07-13T00:00:00
db:BIDid:93807date:2016-10-21T00:00:00
db:JVNDBid:JVNDB-2016-005559date:2016-10-24T00:00:00
db:CNNVDid:CNNVD-201610-694date:2016-10-25T00:00:00
db:NVDid:CVE-2016-6553date:2018-07-13T20:29:00.707