On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| swann | dvr-16cif_firmware | - |
| swann | dvr16b_firmware | - |
| swann | dvr04b_firmware | - |
| swann | dvr08b_firmware | - |
Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| swann | swnvw-470cam_firmware | * |
| swann | srnvw-470lcd_firmware | * |
Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| swann | swwhd-intcam-hd_firmware | - |
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31.
CVSS 2.0
Severity: LOW
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| swann | swwhd-intcam-hd_firmware | - |