Vulnerability Note VU#913000
Samsung SRN-1670D camera contains multiple vulnerabilities
Original Release date: 12 Jan 2016 | Last revised: 25 Jan 2016

Overview
The Samsung SRN-1670D camera contains multiple vulnerabilities.

Description
CWE-264: Permissions, Privileges, and Access Controls – CVE-2015-8279
An undocumented PHP request may be used to read arbitrary files from the system.

CWE-200: Information Exposure – CVE-2015-8280

The interface provides too many details in errors messages, which may allow an attacker to determine user credentials.

CWE-327: Use of a Broken or Risky Cryptographic Algorithm – CVE-2015-8281

The firmware filesystem uses a weak custom encryption scheme based only on simple XOR operations. Vendors should not attempt to implement their own cryptographic methods.

According to the researchers, the Samsung SRN-1670D (Web Viewer Version 1,0,0,193, Date Created 2013.10.26) is affected; other Samsung SRN model cameras may be affected. This device appears to be manufactured by another company named Hanwha.

More information can be found in the researchers’ blog.

Impact
An unauthenticated remote attacker may access arbitrary files on the device, and learn user credentials.

Solution
The CERT/CC is currently unaware of a practical solution to this problem.

Hanwha has stated that this model is no longer in production and will not receive any updates.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate UpdatedHanwhaAffected09 Nov 201525 Jan 2016
Samsung MobileUnknown09 Nov 201509 Nov 2015If you are a vendor and your product is affected, let
us know.

CVSS Metrics (Learn More)

Group
Score
Vector

Base
7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

Temporal
6.7
E:POC/RL:U/RC:UR

Environmental
5.0
CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html

Credit

Thanks to Aristide Fattori, Luca Giancane and Roberto Paleari for reporting this vulnerability.
This document was written by Garret Wassermann.

Other Information

CVE IDs:
CVE-2015-8279
CVE-2015-8280
CVE-2015-8281

Date Public:
11 Jan 2016

Date First Published:
12 Jan 2016

Date Last Updated:
25 Jan 2016

Document Revision:
24

FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.

Leave a Reply