SB2013080603 - Multiple vulnerabilities in Hikvision Cameras
Published: August 6, 2013 Updated: December 8, 2017
Security Bulletin ID
SB2013080603
Severity
High
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2013-4977)
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.The weakness exists due to buffer overflow in the RTSP Packet Handler. A remote attacker can send a specially crafted packet using the Range parameter of the RTSP transaction, trigger memory corruption and cause the service to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
2) Use of hard-coded credentials (CVE-ID: CVE-2013-4976)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to use of hard-coded credentials (even if the built-in anonymous user account was explicitly disabled). A remote attacker can use hard-coded credentials to bypass the anonymous user authentication.
3) Information disclosure (CVE-ID: CVE-2013-4975)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to unknown error when handling malicious input. A remote attacker can send specially crafted data and obtain the admin password from a non-privileged user account.
Remediation
Install update from vendor's website.