The interface provides too many details in errors messages, which may allow an attacker to determine user credentials.
CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2015-8281
The firmware filesystem uses a weak custom encryption scheme based only on simple XOR operations. Vendors should not attempt to implement their own cryptographic methods.
According to the researchers, the Samsung SRN-1670D (Web Viewer Version 1,0,0,193, Date Created 2013.10.26) is affected; other Samsung SRN model cameras may be affected. This device appears to be manufactured by another company named Hanwha.
More information can be found in the researchers' blog.
An unauthenticated remote attacker may access arbitrary files on the device, and learn user credentials.
The CERT/CC is currently unaware of a practical solution to this problem.
Hanwha has stated that this model is no longer in production and will not receive any updates.