CVE-2015-8286

moderate-risk
Published 2016-02-18

Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.

Do I need to act?

!
10.8% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Zhuhai

References (12)

Exploit http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html
Exploit http://seclists.org/bugtraq/2015/Jun/117
http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of...
Third Party Advisory http://www.kb.cert.org/vuls/id/899080
Third Party Advisory http://www.kb.cert.org/vuls/id/923388
https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv...
Exploit http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html
Exploit http://seclists.org/bugtraq/2015/Jun/117
http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of...
Third Party Advisory http://www.kb.cert.org/vuls/id/899080
Third Party Advisory http://www.kb.cert.org/vuls/id/923388
https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv...
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 11/34 · Low
Exposure 5/34 · Minimal