CNVD-2015-05128

Vulnerability from cnvd - Published: 2015-09-07
VLAI Severity ?
Title
大华摄像头onvif协议身份认证漏洞
Description
浙江大华技术股份有限公司是领先的监控产品供应商和解决方案服务商,面向全球提供领先的视频存储、前端、显示控制和智能交通等系列化产品。 大华IPC-HF2100等摄像头onvif协议的snapshot接口访问不需要身份认证,允许攻击者可直接获得摄像头实时视频图像。
Severity
Patch Name
大华摄像头onvif协议身份认证漏洞
Patch Description
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给浙江分中心,由其后续协调网站管理单位处置。
Formal description

onvif协议的接口访问都需要身份认证

Impacted products
Name
浙江大华技术股份有限公司 IPC-HF2100 2.420.0000.0.R
Show details on source website
To clipboard Create KEV Entry 

{
  "description": "\u6d59\u6c5f\u5927\u534e\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u662f\u9886\u5148\u7684\u76d1\u63a7\u4ea7\u54c1\u4f9b\u5e94\u5546\u548c\u89e3\u51b3\u65b9\u6848\u670d\u52a1\u5546,\u9762\u5411\u5168\u7403\u63d0\u4f9b\u9886\u5148\u7684\u89c6\u9891\u5b58\u50a8\u3001\u524d\u7aef\u3001\u663e\u793a\u63a7\u5236\u548c\u667a\u80fd\u4ea4\u901a\u7b49\u7cfb\u5217\u5316\u4ea7\u54c1\u3002\r\n\r\n\u5927\u534eIPC-HF2100\u7b49\u6444\u50cf\u5934onvif\u534f\u8bae\u7684snapshot\u63a5\u53e3\u8bbf\u95ee\u4e0d\u9700\u8981\u8eab\u4efd\u8ba4\u8bc1\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u76f4\u63a5\u83b7\u5f97\u6444\u50cf\u5934\u5b9e\u65f6\u89c6\u9891\u56fe\u50cf\u3002",
  "discovererName": "\u90d1\u5c27\u6587 \u5b59\u5229\u6c11 \u6731\u7ea2\u677e",
  "formalWay": "onvif\u534f\u8bae\u7684\u63a5\u53e3\u8bbf\u95ee\u90fd\u9700\u8981\u8eab\u4efd\u8ba4\u8bc1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05128",
  "openTime": "2015-09-07",
  "patchDescription": "CNVD\u786e\u8ba4\u5e76\u590d\u73b0\u6240\u8ff0\u6f0f\u6d1e\u60c5\u51b5\uff0c\u5df2\u7ecf\u8f6c\u7531CNCERT\u4e0b\u53d1\u7ed9\u6d59\u6c5f\u5206\u4e2d\u5fc3\uff0c\u7531\u5176\u540e\u7eed\u534f\u8c03\u7f51\u7ad9\u7ba1\u7406\u5355\u4f4d\u5904\u7f6e\u3002",
  "patchName": "\u5927\u534e\u6444\u50cf\u5934onvif\u534f\u8bae\u8eab\u4efd\u8ba4\u8bc1\u6f0f\u6d1e",
  "products": {
    "product": "\u6d59\u6c5f\u5927\u534e\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8 IPC-HF2100 2.420.0000.0.R"
  },
  "serverity": "\u4e2d",
  "submitTime": "2015-07-23",
  "title": "\u5927\u534e\u6444\u50cf\u5934onvif\u534f\u8bae\u8eab\u4efd\u8ba4\u8bc1\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.