|
[Japanese]
|
JVNDB-2016-006038
|
Multiple SONY network cameras vulnerable to sensitive information disclosure
|
|
Multiple SONY network cameras contain a sensitive information disclosure vulnerability.
SEC Consult reported this vulnerability to Sony, and Sony reported this vulnerability to JPCERT/CC to notify the solution to users through JVN. JPCERT/CC and Sony coordinated for the publication of this case.
|
|
CVSS V3 Severity:
Base Metrics 8.8 (High) [NVD Score]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 3.3 (Low) [NVD Score]
- Access Vector: Adjacent Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
|
|
|
Sony Business Solution
|
Multiple products are affected.
For details, refer to the information provided by the developer.
|
|
Authentication information may be obtained by an unauthenticated user who can access the device.
As a result, the user can log in as an administrator and conduct any administrative operations.
|
|
[Update the Firmware]
Update the firmware to the latest version according to the information provided by the developer.
the information provided by the developer
https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras
|
|
Sony Business Solution
|
|
- Information Exposure(CWE-200) [NVD Evaluation]
|
|
- CVE-2016-7834
|
|
- JVN : JVNVU#96435227
- National Vulnerability Database (NVD) : CVE-2016-7834
|
|
- [2016/12/05]
Web page was published
[2017/05/23]
CVSS Severity was modified
Vendor Information : Content was added
CWE : CWE-ID was added
References : Contents were added
|
