VAR-201602-0184
Vulnerability from variot - Updated: 2025-04-13 23:25Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Zhuhai Allianz Technology Co., Ltd. Zhuhai Allianz Technology Co., Ltd
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0184",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "raysharp",
"scope": "eq",
"trust": 1.0,
"vendor": "zhuhai",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "swann",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zhuhai raysharp",
"version": null
},
{
"model": "zhuhai raysharp",
"scope": null,
"trust": 0.8,
"vendor": "zhuhai raysharp",
"version": null
},
{
"model": "raysharp for dvrs",
"scope": null,
"trust": 0.6,
"vendor": "zhuhai anlian ruishi",
"version": null
},
{
"model": "raysharp",
"scope": null,
"trust": 0.6,
"vendor": "zhuhai",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zhuhai:raysharp_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
}
]
},
"cve": "CVE-2015-8286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-8286",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.4,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2015-8286",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "UNCORROBORATED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2016-001610",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01417",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-86247",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-8286",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8286",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-8286",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-001610",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01417",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-349",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-86247",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Zhuhai Allianz Technology Co., Ltd. Zhuhai Allianz Technology Co., Ltd",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8286"
},
{
"db": "CERT/CC",
"id": "VU#923388"
},
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
}
],
"trust": 3.69
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/899080",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#899080"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#899080",
"trust": 3.9
},
{
"db": "CERT/CC",
"id": "VU#923388",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2015-8286",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU99656630",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90746018",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610",
"trust": 0.8
},
{
"db": "BID",
"id": "83294",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2016-01417",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-86247",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#923388"
},
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"id": "VAR-201602-0184",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01417"
}
]
},
"last_update_date": "2025-04-13T23:25:10.571000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Homepage",
"trust": 0.8,
"url": "http://raysharp.manufacturer.globalsources.com/si/6008826226857/Homepage.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://seclists.org/bugtraq/2015/jun/117"
},
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/899080"
},
{
"trust": 2.5,
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/"
},
{
"trust": 2.5,
"url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/923388"
},
{
"trust": 1.7,
"url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8286"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "https://www.riskbasedsecurity.com/research/rbs-2016-001.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8286"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99656630"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu90746018"
},
{
"trust": 0.6,
"url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/#7b804d534fd2"
},
{
"trust": 0.6,
"url": "http://www.freebuf.com/news/7154.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#923388"
},
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#923388"
},
{
"db": "CERT/CC",
"id": "VU#899080"
},
{
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"db": "VULHUB",
"id": "VHN-86247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
},
{
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-17T00:00:00",
"db": "CERT/CC",
"id": "VU#923388"
},
{
"date": "2016-02-17T00:00:00",
"db": "CERT/CC",
"id": "VU#899080"
},
{
"date": "2016-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"date": "2016-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-86247"
},
{
"date": "2016-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"date": "2016-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-349"
},
{
"date": "2016-02-18T05:59:00.200000",
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-17T00:00:00",
"db": "CERT/CC",
"id": "VU#923388"
},
{
"date": "2016-02-19T00:00:00",
"db": "CERT/CC",
"id": "VU#899080"
},
{
"date": "2016-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01417"
},
{
"date": "2016-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-86247"
},
{
"date": "2016-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001610"
},
{
"date": "2016-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-349"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-8286"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password",
"sources": [
{
"db": "CERT/CC",
"id": "VU#923388"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-349"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…