CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2276
https://notcve.org/view.php?id=CVE-2017-2276
Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. Un desbordamiento de búfer en WG-C10 versión 3.0.79 y anteriores, permite a un atacante ejecutar comandos arbitrarios por medio de vectores no especificados. • https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10 https://jvn.jp/en/jp/JVN14151222/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-7830
https://notcve.org/view.php?id=CVE-2016-7830
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. Dispositivos Sony PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C con versiones de firmware anteriores a la versión 1.51 y dispositivos PCS-XC1 con versión de firmware anterior a la versión 1.22, permiten a un atacante en el mismo segmento de red omitir la autenticación para realizar operaciones administrativas a través de vectores no especificados. • https://jvn.jp/en/jp/JVN42070907/index.html https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 82EXPL: 0CVE-2016-7834
https://notcve.org/view.php?id=CVE-2016-7834
SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device. Red de cámaras SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C cámaras de red con firmware en versiones anteriores a Ver.1.86.00 y SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL con firmware en versiones anteriores a Ver.2.7.2 son propensos a revelar información confidencial. Esto puede permitir que un atacante en el mismo segmento de red local se conecte al dispositivo con privilegios administrativos y realice operaciones en el dispositivo. • https://jvn.jp/en/vu/JVNVU96435227/index.html https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 2CVE-2013-3539 – Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3539
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users. Vulnerabilidad Cross-site request forgery (CSRF) en command/user.cgi de Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, y posiblemente otros modélos de cmámara permiten a atacantes remotos secuestrar la autenticación de administradores para peticiones de añadir usuario. • https://www.exploit-db.com/exploits/38583 http://seclists.org/fulldisclosure/2013/Jun/84 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5242
https://notcve.org/view.php?id=CVE-2010-5242
Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de path de búsqueda no confiable en Sound Forge Pro v10.0b Build 474, permite a usuario locales obtener privilegios a través de un fichero MtxParhVegasPreview.dll troyanizado en el directorio de trabajo actual, como se demostró mediante un directorio que contenía un fichero .sfw. NOTA: Algunos de estos detalles se han obtenido de terceros. • http://secunia.com/advisories/41164 http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list •