cvelistv5 - cve-2016-7830

CVE-2016-7830 (GCVE-0-2016-7830)

Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04

Summary

Severity ?

No CVSS data available.

CWE

Authentication bypass

Assigner

jpcert

References

URL

Tags

	https://www.sony.co.uk/pro/support/attachment/123…	x_refsource_CONFIRM
	https://jvn.jp/en/jp/JVN42070907/index.html	third-party-advisoryx_refsource_JVN

Impacted products

Vendor

Product

Version

Sony Corporation

PCS-XG100

Affected: firmware versions prior to Ver.1.51

Sony Corporation	PCS-XG100S	Affected: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XG100C	Affected: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XG77	Affected: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XG77S	Affected: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XG77C	Affected: firmware versions prior to Ver.1.51
Sony Corporation	PCS-XC1	Affected: firmware version prior to Ver.1.22

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:04:56.072Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
          },
          {
            "name": "JVN#42070907",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCS-XG100",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG100S",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG100C",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG77",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG77S",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XG77C",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Ver.1.51"
            }
          ]
        },
        {
          "product": "PCS-XC1",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version prior to Ver.1.22"
            }
          ]
        }
      ],
      "datePublic": "2016-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-09T15:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
        },
        {
          "name": "JVN#42070907",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-7830",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PCS-XG100",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG100S",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG100C",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG77",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG77S",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XG77C",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to Ver.1.51"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PCS-XC1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware version prior to Ver.1.22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sony Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
            },
            {
              "name": "JVN#42070907",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-7830",
    "datePublished": "2017-06-09T16:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:04:56.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59D66787-EA68-459A-8B6B-DDE3297A686F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:pcs-xg100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22E568C0-86AF-4886-9709-A83018CE6C2F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:pcs-xg100s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D37C7C1-76E1-42FE-9A64-B3A6DDDA5DC7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB542813-B53F-44BD-B8D5-161667E77411\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0817A1C4-2A4F-4D79-AC63-100A1D4B5998\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1374A1FF-C50E-442B-9549-E4F388946128\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:pcs-xg77:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"030DCC5E-8633-4086-BAC9-F5FD4E7D46D4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:pcs-xg77s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEDB48B7-9DC3-422D-A649-7B7C094B4ED8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C667897-92BE-45E7-9B4D-426D80511D67\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"657B512E-81A1-4603-904E-1875814BF48B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.21\", \"matchCriteriaId\": \"4D21324B-1210-4E7F-80FB-3FD284035B7A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8141874D-CF91-4A17-A56E-EE8B10E0C66B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Dispositivos Sony PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C con versiones de firmware anteriores a la versi\\u00f3n 1.51 y dispositivos PCS-XC1 con versi\\u00f3n de firmware anterior a la versi\\u00f3n 1.22, permiten a un atacante en el mismo segmento de red omitir la autenticaci\\u00f3n para realizar operaciones administrativas a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2016-7830",
      "lastModified": "2024-11-21T02:58:33.323",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.5, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-06-09T16:29:01.080",
      "references": "[{\"url\": \"https://jvn.jp/en/jp/JVN42070907/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN42070907/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-7830\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2017-06-09T16:29:01.080\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Dispositivos Sony PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C con versiones de firmware anteriores a la versi\u00f3n 1.51 y dispositivos PCS-XC1 con versi\u00f3n de firmware anterior a la versi\u00f3n 1.22, permiten a un atacante en el mismo segmento de red omitir la autenticaci\u00f3n para realizar operaciones administrativas a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59D66787-EA68-459A-8B6B-DDE3297A686F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22E568C0-86AF-4886-9709-A83018CE6C2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg100s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D37C7C1-76E1-42FE-9A64-B3A6DDDA5DC7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB542813-B53F-44BD-B8D5-161667E77411\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0817A1C4-2A4F-4D79-AC63-100A1D4B5998\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1374A1FF-C50E-442B-9549-E4F388946128\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg77:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"030DCC5E-8633-4086-BAC9-F5FD4E7D46D4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg77s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEDB48B7-9DC3-422D-A649-7B7C094B4ED8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C667897-92BE-45E7-9B4D-426D80511D67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"657B512E-81A1-4603-904E-1875814BF48B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.21\",\"matchCriteriaId\":\"4D21324B-1210-4E7F-80FB-3FD284035B7A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8141874D-CF91-4A17-A56E-EE8B10E0C66B\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN42070907/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN42070907/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201706-0071

Vulnerability from variot - Updated: 2023-12-18 12:57

Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306). This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges. telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.The device may be logged in by the other user in the same subnetwork. As a result, the device may be manipulated by the user with administrative privileges. Sony PCS-XG100 and so on are Sony's network camera products. An authentication vulnerability exists in several Sony products. An attacker could exploit the vulnerability to bypass authentication and perform administrator actions. Sony PCS-XG100, etc. The following products and versions are affected: PCS-XG100 with firmware version earlier than 1.51; PCS-XG100S with firmware version earlier than 1.51; PCS-XG100C with firmware version earlier than 1.51; PCS-XG77 with firmware version earlier than 1.51 ; PCS-XG77S with firmware version earlier than 1.51; PCS-XG77C with firmware version earlier than 1.51; PCS-XC1 with firmware version earlier than 1.22

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0071",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pcs-xg77",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": "1.50"
      },
      {
        "model": "pcs-xg77",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": "1.42"
      },
      {
        "model": "pcs-xg100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": "1.50"
      },
      {
        "model": "pcs-xg100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": "1.42"
      },
      {
        "model": "pcs-xc1",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xg77s",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xg77",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xg100s",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xg100",
        "scope": null,
        "trust": 1.4,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "pcs-xc1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sony",
        "version": "1.21"
      },
      {
        "model": "pcs-xc1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sony",
        "version": "1.21"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg100s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg77s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg77:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "cve": "CVE-2016-7830",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.9,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-000246",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2017-14141",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-96650",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-000246",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-7830",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2016-000246",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-14141",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-354",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-96650",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306). This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges. telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.The device may be logged in by the other user in the same subnetwork. As a result, the device may be manipulated by the user with administrative privileges. Sony PCS-XG100 and so on are Sony\u0027s network camera products. An authentication vulnerability exists in several Sony products. An attacker could exploit the vulnerability to bypass authentication and perform administrator actions. Sony PCS-XG100, etc. The following products and versions are affected: PCS-XG100 with firmware version earlier than 1.51; PCS-XG100S with firmware version earlier than 1.51; PCS-XG100C with firmware version earlier than 1.51; PCS-XG77 with firmware version earlier than 1.51 ; PCS-XG77S with firmware version earlier than 1.51; PCS-XG77C with firmware version earlier than 1.51; PCS-XC1 with firmware version earlier than 1.22",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-7830",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN42070907",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ]
  },
  "id": "VAR-201706-0071",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      }
    ],
    "trust": 1.375
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:57:20.638000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Notice regarding Video conference Network Security Enhancement",
        "trust": 0.8,
        "url": "http://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
      },
      {
        "title": "Software: PCS-XG100/XG77 V1.51.20 \u0026 PCS-XC1 V1.22.20",
        "trust": 0.8,
        "url": "https://www.sony.co.uk/pro/support/software/set_160510_psg/1"
      },
      {
        "title": "Patches for multiple Sony product authentication vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/97891"
      },
      {
        "title": "Multiple Sony Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70859"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://jvn.jp/en/jp/jvn42070907/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7830"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7830"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7830"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "date": "2017-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "date": "2016-12-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "date": "2017-06-09T16:29:01.080000",
        "db": "NVD",
        "id": "CVE-2016-7830"
      },
      {
        "date": "2017-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14141"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-96650"
      },
      {
        "date": "2018-01-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      },
      {
        "date": "2017-06-22T12:37:48.017000",
        "db": "NVD",
        "id": "CVE-2016-7830"
      },
      {
        "date": "2017-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mutiple SONY Videoconference Systems do not properly perform authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000246"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-354"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-14141

Vulnerability from cnvd - Published: 2017-07-13

Title

多款Sony产品身份验证漏洞

Description

Sony PCS-XG100等都是日本索尼（Sony）公司的网络摄像机产品。多款Sony产品中存在身份验证漏洞。攻击者可利用该漏洞绕过身份验证，执行管理员操作。

Severity

中

Patch Name

多款Sony产品身份验证漏洞的补丁

Patch Description

Sony PCS-XG100等都是日本索尼（Sony）公司的网络摄像机产品。多款Sony产品中存在身份验证漏洞。攻击者可利用该漏洞绕过身份验证，执行管理员操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf?token=vVAQV7p7E-U4WnXAKw3T7ea0TRRWpM-y9zm5mSWBlAV6-LlK5H_zNcbu3p7DK3KA93TwY5ZwqQBFedDSHaVQXLC7I7o-8zrCO24TmpiEw92MIQZRg_gW96IpKvWHTJgSIzp5-VHOI-7tQEKmVTh9a_aZAJM.

Reference

https://jvn.jp/en/jp/JVN42070907/index.html

Impacted products

Name
['Sony PCS-XC1', 'Sony PCS-XG77S', 'Sony PCS-XG77', 'Sony PCS-XG100S', 'Sony PCS-XG100']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7830"
    }
  },
  "description": "Sony PCS-XG100\u7b49\u90fd\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u7f51\u7edc\u6444\u50cf\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eSony\u4ea7\u54c1\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u7ba1\u7406\u5458\u64cd\u4f5c\u3002",
  "discovererName": "Sony",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf?token=vVAQV7p7E-U4WnXAKw3T7ea0TRRWpM-y9zm5mSWBlAV6-LlK5H_zNcbu3p7DK3KA93TwY5ZwqQBFedDSHaVQXLC7I7o-8zrCO24TmpiEw92MIQZRg_gW96IpKvWHTJgSIzp5-VHOI-7tQEKmVTh9a_aZAJM.",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14141",
  "openTime": "2017-07-13",
  "patchDescription": "Sony PCS-XG100\u7b49\u90fd\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u7f51\u7edc\u6444\u50cf\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eSony\u4ea7\u54c1\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u7ba1\u7406\u5458\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSony\u4ea7\u54c1\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Sony PCS-XC1",
      "Sony PCS-XG77S",
      "Sony PCS-XG77",
      "Sony PCS-XG100S",
      "Sony PCS-XG100"
    ]
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN42070907/index.html",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-13",
  "title": "\u591a\u6b3eSony\u4ea7\u54c1\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e"
}

GSD-2016-7830

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-7830

Aliases

CVE-2016-7830

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7830",
    "description": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.",
    "id": "GSD-2016-7830"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7830"
      ],
      "details": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.",
      "id": "GSD-2016-7830",
      "modified": "2023-12-13T01:21:21.117752Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2016-7830",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PCS-XG100",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG100S",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG100C",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG77",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG77S",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XG77C",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware versions prior to Ver.1.51"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PCS-XC1",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware version prior to Ver.1.22"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Sony Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Authentication bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
          },
          {
            "name": "JVN#42070907",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg100s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg77s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg77:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-7830"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
            },
            {
              "name": "JVN#42070907",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-06-22T12:37Z",
      "publishedDate": "2017-06-09T16:29Z"
    }
  }
}

FKIE_CVE-2016-7830

Vulnerability from fkie_nvd - Published: 2017-06-09 16:29 - Updated: 2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN42070907/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN42070907/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
sony	pcs-xg100_firmware	1.50
sony	pcs-xg100	-
sony	pcs-xg100s	-
sony	pcs-xg100_firmware	1.42
sony	pcs-xg100c	-
sony	pcs-xg77_firmware	1.50
sony	pcs-xg77	-
sony	pcs-xg77s	-
sony	pcs-xg77_firmware	1.42
sony	pcs-xg77c	-
sony	pcs-xc1_firmware	*
sony	pcs-xc1	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D66787-EA68-459A-8B6B-DDE3297A686F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E568C0-86AF-4886-9709-A83018CE6C2F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg100s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D37C7C1-76E1-42FE-9A64-B3A6DDDA5DC7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB542813-B53F-44BD-B8D5-161667E77411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0817A1C4-2A4F-4D79-AC63-100A1D4B5998",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1374A1FF-C50E-442B-9549-E4F388946128",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg77:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "030DCC5E-8633-4086-BAC9-F5FD4E7D46D4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg77s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDB48B7-9DC3-422D-A649-7B7C094B4ED8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C667897-92BE-45E7-9B4D-426D80511D67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "657B512E-81A1-4603-904E-1875814BF48B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D21324B-1210-4E7F-80FB-3FD284035B7A",
              "versionEndIncluding": "1.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8141874D-CF91-4A17-A56E-EE8B10E0C66B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Dispositivos Sony PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C con versiones de firmware anteriores a la versi\u00f3n 1.51 y dispositivos PCS-XC1 con versi\u00f3n de firmware anterior a la versi\u00f3n 1.22, permiten a un atacante en el mismo segmento de red omitir la autenticaci\u00f3n para realizar operaciones administrativas a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-7830",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-09T16:29:01.080",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

JVNDB-2016-000246

Vulnerability from jvndb - Published: 2016-12-16 14:11 - Updated:2018-01-17 14:03

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Mutiple SONY Videoconference Systems do not properly perform authentication

Details

Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306). This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges. telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN42070907/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7830
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7830
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Sony Corporation	PCS-XC1
	Sony Corporation	PCS-XG100
	Sony Corporation	PCS-XG100S
	Sony Corporation	PCS-XG77
	Sony Corporation	PCS-XG77S

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000246.html",
  "dc:date": "2018-01-17T14:03+09:00",
  "dcterms:issued": "2016-12-16T14:11+09:00",
  "dcterms:modified": "2018-01-17T14:03+09:00",
  "description": "Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306).\r\nThis user account has a privilege to view some of the system configuration files.  As a result, the device may be manipulated by an attacker with administrative privileges.\r\n\r\ntelnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default.  When this functionality is enabled, a user in the same subnetwork can login to the device.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000246.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:sony:pcs-xc1",
      "@product": "PCS-XC1",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:sony:pcs-xg100",
      "@product": "PCS-XG100",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:sony:pcs-xg100s",
      "@product": "PCS-XG100S",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:sony:pcs-xg77",
      "@product": "PCS-XG77",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:sony:pcs-xg77s",
      "@product": "PCS-XG77S",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "2.9",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000246",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN42070907/index.html",
      "@id": "JVN#42070907",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7830",
      "@id": "CVE-2016-7830",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7830",
      "@id": "CVE-2016-7830",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    }
  ],
  "title": "Mutiple SONY Videoconference Systems do not properly perform authentication"
}

GHSA-XRC8-4CQR-4X7C

Vulnerability from github – Published: 2022-05-17 02:40 – Updated: 2022-05-17 02:40

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7830"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-09T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.",
  "id": "GHSA-xrc8-4cqr-4x7c",
  "modified": "2022-05-17T02:40:33Z",
  "published": "2022-05-17T02:40:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7830"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-7830 (GCVE-0-2016-7830)

VAR-201706-0071

CNVD-2017-14141

GSD-2016-7830

FKIE_CVE-2016-7830

JVNDB-2016-000246

GHSA-XRC8-4CQR-4X7C

Tags

Sightings

Nomenclature