VAR-201609-0102
Vulnerability from variot - Updated: 2025-04-13 23:23The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value. AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure. In addition, JVNVU#95660277 Then CWE-302 It is published as CWE-302: Authentication Bypass by Assumed-Immutable Data http://cwe.mitre.org/data/definitions/302.htmlBy a third party handle By using the value of the parameter, you may be able to bypass the access restriction of the page or change the password. AVerInformationEH6108H+hybridDVRVU is a DVR product from AVerInformation. AVerInformationEH6108H+hybridDVRVU has a certification bypass vulnerability. A hard coded credentials vulnerability. 2. An authentication-bypass vulnerability. 3. An information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information and gain root privileges. AVer Information EH6108H+ X9.03.24.00.07l and prior are vulnerable. Version X9.03.24.00.07l and possibly earlier are reported to contain multiple vulnerabilities. Both accounts have root privileges and may be used to gain access via an undocumented telnet service that cannot be disabled through the web user interface and runs by default.
CWE-200: Information Exposure - CVE-2016-6537
User credentials are reported to be stored and transmitted in an insecure manner. In the configuration page of the web interface, passwords are stored in base64-encoded strings. In client requests, credentials are listed in plain text in the cookie header.
For more information, refer to the researcher's disclosure.
Solution:
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.
Restrict access
As a general good security practice, only allow connections from trusted hosts and networks.
References:
http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/
https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a nd-more
https://cwe.mitre.org/data/definitions/798.html
https://cwe.mitre.org/data/definitions/302.html
https://cwe.mitre.org/data/definitions/200.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0102",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eh6108h\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "aver",
"version": "x9.03.24.00.07l"
},
{
"model": "information eh6108h+ hybrid dvr x9.03.24.00.07l",
"scope": null,
"trust": 0.9,
"vendor": "aver",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "aver information",
"version": null
},
{
"model": "eh6108h+",
"scope": null,
"trust": 0.8,
"vendor": "aver information",
"version": null
},
{
"model": "eh6108h+",
"scope": "eq",
"trust": 0.8,
"vendor": "aver information",
"version": "x9.03.24.00.07l"
},
{
"model": "eh6108h\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "aver",
"version": "x9.03.24.00.07l"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "CNVD",
"id": "CNVD-2016-07571"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-277"
},
{
"db": "NVD",
"id": "CVE-2016-6536"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:aver:eh6108h%2B",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:aver:eh6108h%2B_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004816"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Travis Lee",
"sources": [
{
"db": "BID",
"id": "92936"
},
{
"db": "PACKETSTORM",
"id": "138875"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-277"
}
],
"trust": 1.0
},
"cve": "CVE-2016-6536",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6536",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-07571",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-95356",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6536",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6536",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-6536",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-07571",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-277",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-95356",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07571"
},
{
"db": "VULHUB",
"id": "VHN-95356"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-277"
},
{
"db": "NVD",
"id": "CVE-2016-6536"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value. AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure. In addition, JVNVU#95660277 Then CWE-302 It is published as CWE-302: Authentication Bypass by Assumed-Immutable Data http://cwe.mitre.org/data/definitions/302.htmlBy a third party handle By using the value of the parameter, you may be able to bypass the access restriction of the page or change the password. AVerInformationEH6108H+hybridDVRVU is a DVR product from AVerInformation. AVerInformationEH6108H+hybridDVRVU has a certification bypass vulnerability. A hard coded credentials vulnerability. \n2. An authentication-bypass vulnerability. \n3. An information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information and gain root privileges. \nAVer Information EH6108H+ X9.03.24.00.07l and prior are vulnerable. Version X9.03.24.00.07l and possibly\nearlier are reported to contain multiple vulnerabilities. Both accounts have root privileges and may be used to\ngain access via an undocumented telnet service that cannot be disabled\nthrough the web user interface and runs by default. \n\n \n\nCWE-200: Information Exposure - CVE-2016-6537\n\n \n\nUser credentials are reported to be stored and transmitted in an insecure\nmanner. In the configuration page of the web interface, passwords are stored\nin base64-encoded strings. In client requests, credentials are listed in\nplain text in the cookie header. \n\n \n\nFor more information, refer to the researcher\u0027s disclosure. \n\n \n\nSolution:\n\nThe CERT/CC is currently unaware of a practical solution to this problem and\nrecommends the following workaround. \n\nRestrict access\n\n \n\nAs a general good security practice, only allow connections from trusted\nhosts and networks. \n\n \n\nReferences:\n\nhttp://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/\n\nhttps://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a\nnd-more\n\nhttps://cwe.mitre.org/data/definitions/798.html\n\nhttps://cwe.mitre.org/data/definitions/302.html\n\nhttps://cwe.mitre.org/data/definitions/200.html\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6536"
},
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004816"
},
{
"db": "CNVD",
"id": "CNVD-2016-07571"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "VULHUB",
"id": "VHN-95356"
},
{
"db": "PACKETSTORM",
"id": "138875"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#667480",
"trust": 4.3
},
{
"db": "NVD",
"id": "CVE-2016-6536",
"trust": 3.5
},
{
"db": "BID",
"id": "92936",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU95660277",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004816",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-277",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-07571",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95356",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138875",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "CNVD",
"id": "CNVD-2016-07571"
},
{
"db": "VULHUB",
"id": "VHN-95356"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004816"
},
{
"db": "PACKETSTORM",
"id": "138875"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-277"
},
{
"db": "NVD",
"id": "CVE-2016-6536"
}
]
},
"id": "VAR-201609-0102",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07571"
},
{
"db": "VULHUB",
"id": "VHN-95356"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07571"
}
]
},
"last_update_date": "2025-04-13T23:23:35.328000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EH6108H Series - NVRs and Surveillance Software",
"trust": 0.8,
"url": "http://surveillance.aver.com/model/embedded-hybrid-DVR-EH6108H-plus/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004816"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95356"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004816"
},
{
"db": "NVD",
"id": "CVE-2016-6536"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.kb.cert.org/vuls/id/667480"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/92936"
},
{
"trust": 1.6,
"url": "https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-and-more"
},
{
"trust": 0.9,
"url": "http://surveillance.aver.com/model/embedded-hybrid-dvr-eh6108h-plus/"
},
{
"trust": 0.9,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.9,
"url": "https://cwe.mitre.org/data/definitions/302.html"
},
{
"trust": 0.9,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6536"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95660277/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6536"
},
{
"trust": 0.6,
"url": "http://news.softpedia.com/news/here-s-another-vulnerable-dvr-system-ready-to-become-a-ddos-botnet-508298.shtml"
},
{
"trust": 0.3,
"url": "http://surveillance.aver.com/model/embedded-hybrid-dvr-eh6108h-plus"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6535"
},
{
"trust": 0.1,
"url": "https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-a"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6536"
},
{
"trust": 0.1,
"url": "https://www.appsecconsulting.com/blog/easy-root-on-aver-eh6108h-hybrid-dvr-"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "CNVD",
"id": "CNVD-2016-07571"
},
{
"db": "VULHUB",
"id": "VHN-95356"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004816"
},
{
"db": "PACKETSTORM",
"id": "138875"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-277"
},
{
"db": "NVD",
"id": "CVE-2016-6536"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#667480"
},
{
"db": "CNVD",
"id": "CNVD-2016-07571"
},
{
"db": "VULHUB",
"id": "VHN-95356"
},
{
"db": "BID",
"id": "92936"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004816"
},
{
"db": "PACKETSTORM",
"id": "138875"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-277"
},
{
"db": "NVD",
"id": "CVE-2016-6536"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#667480"
},
{
"date": "2016-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07571"
},
{
"date": "2016-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-95356"
},
{
"date": "2016-09-13T00:00:00",
"db": "BID",
"id": "92936"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004816"
},
{
"date": "2016-09-27T16:32:22",
"db": "PACKETSTORM",
"id": "138875"
},
{
"date": "2016-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-277"
},
{
"date": "2016-09-19T01:59:08.400000",
"db": "NVD",
"id": "CVE-2016-6536"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#667480"
},
{
"date": "2016-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07571"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95356"
},
{
"date": "2016-09-13T00:00:00",
"db": "BID",
"id": "92936"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004816"
},
{
"date": "2016-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-277"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6536"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-277"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#667480"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-277"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…