BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Sony CH/DH Network Cameras Cross-Site Request Forgery

Disclosed: June 12, 2013 | Zeroday: 530 days

Vulnerability Description:

The affected cameras are vulnerable to cross-site request forgery (CSRF) in their web interface. A forged request can manipulate web interface parameters, allowing an attacker to modify settings, such as creating users on the vulnerable device.

Vendors:

Sony

Vulnerable Software/Devices:

SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T and SNC DH280

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Cross-Site Request Forgery

Exploitation of this vulnerability is possible via forged HTML forms, sent to a victim through a number of different attack vectors (including malicious links). Attackers who successfully exploit this vulnerability may be able to take complete control of the affected device, including the ability to change arbitrary settings, such as the username and password for administering the vulnerable device.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability, using the following audits:

  • 19757 - Sony CH/DH Network Cameras Cross-Site Request Forgery (Zero-Day) - HTTP
  • 19758 - Sony CH/DH Network Cameras Cross-Site Request Forgery (Zero-Day) - FTP

Mitigation:

No mitigation is currently available.

Links:

CVE(s):