search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Samsung SRN-1670D camera contains multiple vulnerabilities

Vulnerability Note VU#913000

Original Release Date: 2016-01-12 | Last Revised: 2016-01-25

Overview

The Samsung SRN-1670D camera contains multiple vulnerabilities.

Description

CWE-264: Permissions, Privileges, and Access Controls - CVE-2015-8279

An undocumented PHP request may be used to read arbitrary files from the system.

CWE-200: Information Exposure - CVE-2015-8280

The interface provides too many details in errors messages, which may allow an attacker to determine user credentials.

CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2015-8281

The firmware filesystem uses a weak custom encryption scheme based only on simple XOR operations. Vendors should not attempt to implement their own cryptographic methods.

According to the researchers, the Samsung SRN-1670D (Web Viewer Version 1,0,0,193, Date Created 2013.10.26) is affected; other Samsung SRN model cameras may be affected. This device appears to be manufactured by another company named Hanwha.

More information can be found in the researchers' blog.

Impact

An unauthenticated remote attacker may access arbitrary files on the device, and learn user credentials.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Hanwha has stated that this model is no longer in production and will not receive any updates.

Vendor Information

913000
 
Expand all

Hanwha Affected

Notified:  November 09, 2015 Updated: January 25, 2016

Statement Date:   January 13, 2016

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The model SRN-1670D is no longer supported and therefore no firmware update will be released. However, Hanwha says the fix will be integrated into firmware for newer models.

Samsung Mobile Unknown

Notified:  November 09, 2015 Updated: November 09, 2015

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References


    CVSS Metrics

    Group Score Vector
    Base 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N
    Temporal 6.7 E:POC/RL:U/RC:UR
    Environmental 5.0 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

    References

    http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html

    Acknowledgements

    Thanks to Aristide Fattori, Luca Giancane and Roberto Paleari for reporting this vulnerability.

    This document was written by Garret Wassermann.

    Other Information

    CVE IDs: CVE-2015-8279, CVE-2015-8280, CVE-2015-8281
    Date Public: 2016-01-11
    Date First Published: 2016-01-12
    Date Last Updated: 2016-01-25 16:56 UTC
    Document Revision: 25

    Sponsored by CISA.

    Download PGP Key

    Read CERT/CC Blog

    Learn about Vulnerability Analysis