Vulnerability Note VU#301735
Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials
The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default.
CWE-798: Use of Hard-coded Credentials - CVE-2016-5081
According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for accessing the device via telnet. These credentials allow root access to the device, and are hard-coded and cannot be changed by the user.
A remote unauthenticated attacker with knowledge of the credentials may gain root access to the device.
Apply an update
Update Zmodo devices to the latest firmware as soon as possible. Please see their support announcement here.
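The following is an added example, not part of the advisory or any Zmodo tooling: it audits an inventory of your own DVRs and cameras for a reachable telnet service, the exposure this note describes. The device names and addresses are constructed, and port 23 (the telnet default) is an assumption, since the note does not state the port.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

TELNET_PORT = 23  # assumed: telnet's default port (the note does not give one)


def telnet_state(host, port=TELNET_PORT, timeout=3.0):
    """Classify the telnet port on one device: 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # TCP handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"          # host answered with a reset: nothing listening
    except OSError:
        return "filtered"        # timeout or unreachable: firewall, or host down


def audit(inventory, port=TELNET_PORT, timeout=3.0, workers=16):
    """Check every (name, host) pair in the inventory concurrently."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(
            lambda item: telnet_state(item[1], port, timeout), inventory
        )
        return {name: state for (name, _), state in zip(inventory, states)}


def exposed(results):
    """Names of devices whose telnet port accepted a connection."""
    return sorted(name for name, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed inventory; addresses come from the RFC 5737 documentation range.
    inventory = [("dvr-lobby", "192.0.2.10"), ("cam-dock", "192.0.2.11")]
    results = audit(inventory, timeout=1.0)
    for name, state in results.items():
        print(f"{name}: telnet {state}")
    print("telnet reachable on:", exposed(results))
```

Run it from each network segment that can reach the devices; a "filtered" result from one segment says nothing about reachability from another.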
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| ZModo | Affected | 11 May 2016 | 25 Aug 2016 |
CVSS Metrics
Thanks to Garrett Miller and John Kotheimer for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-5081 CVE-2016-5650
- Date Public: 11 Aug 2016
- Date First Published: 12 Aug 2016
- Date Last Updated: 26 Aug 2016
- Document Revision: 19