Vulnerability Note VU#667480
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure.
AVer Information EH6108H+ hybrid DVR is an IP security camera management system and streaming video recorder. Version X9.03.24.00.07l and possibly earlier are reported to contain multiple vulnerabilities.
CWE-798: Use of Hard-coded Credentials - CVE-2016-6535
A remote, unauthenticated attacker may be able to gain access with root privileges to completely compromise vulnerable devices.
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AVer Information||Affected||16 May 2016||08 Sep 2016|
CVSS Metrics (Learn More)
Thanks to Travis Lee for reporting these vulnerabilities.
This document was written by Joel Land.
- CVE IDs: CVE-2016-6535 CVE-2016-6536 CVE-2016-6537
- Date Public: 13 Sep 2016
- Date First Published: 13 Sep 2016
- Date Last Updated: 22 Sep 2016
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.