Vulnerability Note VU#899080
Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials
Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password.
CWE-259: Use of Hard-coded Password - CVE-2015-8286
According to the reporter, DVR devices based on the Zhuhai RaySharp firmware contain a hard-coded root password. Remote attackers with knowledge of the password may gain root access to the device.
An unauthenticated remote attacker may gain root access to the device.
Apply an update if possible
Restrict network access
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Swann||Affected||22 Sep 2015||19 Feb 2016|
|Zhuhai RaySharp||Affected||09 Sep 2015||17 Feb 2016|
|Axis Communications||Not Affected||08 Feb 2016||12 Feb 2016|
|Hanwha||Not Affected||08 Feb 2016||12 Feb 2016|
|COP USA||Unknown||09 Sep 2015||17 Feb 2016|
|CWD||Unknown||23 Sep 2015||17 Feb 2016|
|KGuard Security||Unknown||09 Sep 2015||17 Feb 2016|
|Konig Electronics||Unknown||23 Sep 2015||17 Feb 2016|
|Lorex Corporation||Unknown||09 Sep 2015||17 Feb 2016|
CVSS Metrics (Learn More)
Thanks to Carsten Eiram of Risk Based Security for reporting these vulnerabilities.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-8286
- Date Public: 17 Feb 2016
- Date First Published: 17 Feb 2016
- Date Last Updated: 19 Feb 2016
- Document Revision: 70
If you have feedback, comments, or additional information about this vulnerability, please send us email.