Vulnerability Note VU#301735
Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials
The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default.
CWE-798: Use of Hard-coded Credentials - CVE-2016-5081
According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for accessing the device via telnet. These credentials allow root access to the device, and are hard-coded and cannot be changed by the user.
A remote unauthenticated attack with knowledge of the credentials may gain root access to the device.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|ZModo||Affected||11 May 2016||25 Aug 2016|
CVSS Metrics (Learn More)
Thanks to Garrett Miller and John Kotheimer for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-5081 CVE-2016-5650
- Date Public: 11 Aug 2016
- Date First Published: 12 Aug 2016
- Date Last Updated: 26 Aug 2016
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.