Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password.
CWE-259: Use of Hard-coded Password - CVE-2015-8286
According to the reporter, DVR devices based on the Zhuhai RaySharp firmware contain a hard-coded root password. Remote attackers with knowledge of the password may gain root access to the device.
An unauthenticated remote attacker may gain root access to the device.
Apply an update if possible
Restrict network access
Thanks to Carsten Eiram of Risk Based Security for reporting these vulnerabilities.
This document was written by Garret Wassermann.
|Date First Published:||2016-02-17|
|Date Last Updated:||2016-02-19 19:49 UTC|