VAR-201609-0101
Vulnerability from variot - Updated: 2025-04-13 23:23AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session. AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. AVerInformationEH6108H+hybridDVRVU is a DVR product from AVerInformation. An attacker can exploit the vulnerability to gain root privileges. 2. An authentication-bypass vulnerability. 3. An information-disclosure vulnerability. AVer Information EH6108H+ X9.03.24.00.07l and prior are vulnerable. The vulnerability stems from the fact that the program contains hard-coded accounts. Version X9.03.24.00.07l and possibly earlier are reported to contain multiple vulnerabilities. Both accounts have root privileges and may be used to gain access via an undocumented telnet service that cannot be disabled through the web user interface and runs by default.
CWE-302: Authentication Bypass by Assumed-Immutable Data - CVE-2016-6536
By guessing the handle parameter of the /setup page of the web interface, an unauthenticated attacker reportedly may be able to access restricted pages and alter DVR configurations or change user passwords.
CWE-200: Information Exposure - CVE-2016-6537
User credentials are reported to be stored and transmitted in an insecure manner. In the configuration page of the web interface, passwords are stored in base64-encoded strings. In client requests, credentials are listed in plain text in the cookie header.
For more information, refer to the researcher's disclosure.
Solution:
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.
Restrict access
As a general good security practice, only allow connections from trusted hosts and networks.
References:
http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/
https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a nd-more
https://cwe.mitre.org/data/definitions/798.html
https://cwe.mitre.org/data/definitions/302.html
https://cwe.mitre.org/data/definitions/200.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eh6108h\\+",
"scope": "eq",
"trust": 1.6,
"vendor": "aver",
"version": "x9.03.24.00.07l"
},
{
"model": "information eh6108h+ hybrid dvr x9.03.24.00.07l",
"scope": null,
"trust": 0.9,
"vendor": "aver",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "aver information",
"version": null
},
{
"model": "eh6108h+",
"scope": null,
"trust": 0.8,
"vendor": "aver information",
"version": null
},
{
"model": "eh6108h+",
"scope": "eq",
"trust": 0.8,
"vendor": "aver information",
"version": "x9.03.24.00.07l"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "CNVD",
"id": "CNVD-2016-07570"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004815"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-276"
},
{
"db": "NVD",
"id": "CVE-2016-6535"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:aver:eh6108h%2B",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:aver:eh6108h%2B_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004815"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Travis Lee",
"sources": [
{
"db": "BID",
"id": "92936"
},
{
"db": "PACKETSTORM",
"id": "138875"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-276"
}
],
"trust": 1.0
},
"cve": "CVE-2016-6535",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6535",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-07570",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-95355",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6535",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6535",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-6535",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-07570",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-276",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-95355",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6535",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07570"
},
{
"db": "VULHUB",
"id": "VHN-95355"
},
{
"db": "VULMON",
"id": "CVE-2016-6535"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004815"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-276"
},
{
"db": "NVD",
"id": "CVE-2016-6535"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session. AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. AVerInformationEH6108H+hybridDVRVU is a DVR product from AVerInformation. An attacker can exploit the vulnerability to gain root privileges. \n2. An authentication-bypass vulnerability. \n3. An information-disclosure vulnerability. \nAVer Information EH6108H+ X9.03.24.00.07l and prior are vulnerable. The vulnerability stems from the fact that the program contains hard-coded accounts. Version X9.03.24.00.07l and possibly\nearlier are reported to contain multiple vulnerabilities. Both accounts have root privileges and may be used to\ngain access via an undocumented telnet service that cannot be disabled\nthrough the web user interface and runs by default. \n\n \n\nCWE-302: Authentication Bypass by Assumed-Immutable Data - CVE-2016-6536\n\n \n\nBy guessing the handle parameter of the /setup page of the web interface, an\nunauthenticated attacker reportedly may be able to access restricted pages\nand alter DVR configurations or change user passwords. \n\n \n\nCWE-200: Information Exposure - CVE-2016-6537\n\n \n\nUser credentials are reported to be stored and transmitted in an insecure\nmanner. In the configuration page of the web interface, passwords are stored\nin base64-encoded strings. In client requests, credentials are listed in\nplain text in the cookie header. \n\n \n\nFor more information, refer to the researcher\u0027s disclosure. \n\n \n\nSolution:\n\nThe CERT/CC is currently unaware of a practical solution to this problem and\nrecommends the following workaround. \n\nRestrict access\n\n \n\nAs a general good security practice, only allow connections from trusted\nhosts and networks. \n\n \n\nReferences:\n\nhttp://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/\n\nhttps://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a\nnd-more\n\nhttps://cwe.mitre.org/data/definitions/798.html\n\nhttps://cwe.mitre.org/data/definitions/302.html\n\nhttps://cwe.mitre.org/data/definitions/200.html\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6535"
},
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004815"
},
{
"db": "CNVD",
"id": "CNVD-2016-07570"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "VULHUB",
"id": "VHN-95355"
},
{
"db": "VULMON",
"id": "CVE-2016-6535"
},
{
"db": "PACKETSTORM",
"id": "138875"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#667480",
"trust": 4.4
},
{
"db": "NVD",
"id": "CVE-2016-6535",
"trust": 3.6
},
{
"db": "BID",
"id": "92936",
"trust": 2.7
},
{
"db": "JVN",
"id": "JVNVU95660277",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004815",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-276",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-07570",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "138875",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-95355",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6535",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "CNVD",
"id": "CNVD-2016-07570"
},
{
"db": "VULHUB",
"id": "VHN-95355"
},
{
"db": "VULMON",
"id": "CVE-2016-6535"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004815"
},
{
"db": "PACKETSTORM",
"id": "138875"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-276"
},
{
"db": "NVD",
"id": "CVE-2016-6535"
}
]
},
"id": "VAR-201609-0101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07570"
},
{
"db": "VULHUB",
"id": "VHN-95355"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07570"
}
]
},
"last_update_date": "2025-04-13T23:23:35.369000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EH6108H Series - NVRs and Surveillance Software",
"trust": 0.8,
"url": "http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/new-mirai-variant-carries-out-54-hour-ddos-attacks/124660/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6535"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004815"
},
{
"db": "NVD",
"id": "CVE-2016-6535"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://www.kb.cert.org/vuls/id/667480"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/92936"
},
{
"trust": 1.6,
"url": "https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-and-more"
},
{
"trust": 1.0,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.9,
"url": "http://surveillance.aver.com/model/embedded-hybrid-dvr-eh6108h-plus/"
},
{
"trust": 0.9,
"url": "https://cwe.mitre.org/data/definitions/302.html"
},
{
"trust": 0.9,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6535"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95660277/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6535"
},
{
"trust": 0.6,
"url": "http://news.softpedia.com/news/here-s-another-vulnerable-dvr-system-ready-to-become-a-ddos-botnet-508298.shtml"
},
{
"trust": 0.3,
"url": "http://surveillance.aver.com/model/embedded-hybrid-dvr-eh6108h-plus"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/138875/aver-information-eh6108h-authentication-bypass-inforation-exposure.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6535"
},
{
"trust": 0.1,
"url": "https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6536"
},
{
"trust": 0.1,
"url": "https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "CNVD",
"id": "CNVD-2016-07570"
},
{
"db": "VULHUB",
"id": "VHN-95355"
},
{
"db": "VULMON",
"id": "CVE-2016-6535"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004815"
},
{
"db": "PACKETSTORM",
"id": "138875"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-276"
},
{
"db": "NVD",
"id": "CVE-2016-6535"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "CNVD",
"id": "CNVD-2016-07570"
},
{
"db": "VULHUB",
"id": "VHN-95355"
},
{
"db": "VULMON",
"id": "CVE-2016-6535"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004815"
},
{
"db": "PACKETSTORM",
"id": "138875"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-276"
},
{
"db": "NVD",
"id": "CVE-2016-6535"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#667480"
},
{
"date": "2016-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07570"
},
{
"date": "2016-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-95355"
},
{
"date": "2016-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6535"
},
{
"date": "2016-09-13T00:00:00",
"db": "BID",
"id": "92936"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004815"
},
{
"date": "2016-09-27T16:32:22",
"db": "PACKETSTORM",
"id": "138875"
},
{
"date": "2016-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-276"
},
{
"date": "2016-09-19T01:59:07.400000",
"db": "NVD",
"id": "CVE-2016-6535"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#667480"
},
{
"date": "2018-03-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07570"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95355"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6535"
},
{
"date": "2016-09-13T00:00:00",
"db": "BID",
"id": "92936"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004815"
},
{
"date": "2016-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-276"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6535"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-276"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#667480"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-276"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…