Published: 18/08/2017 Updated: 09/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kguardsecurity kg-sha104_firmware 2.0
kguardsecurity kg-sha108_firmware 2.0

A deficiency in handling authentication and authorization has been found with Kguard 104/108/v2 models While password-based authentication is used by the ActiveX component to protect the login page, all the communication to the application server at port 9000 allows data to be communicated directly with insufficient or improper authorization Proo ...

CWE-287 https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities http://www.securityfocus.com/bid/73032 http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html http://www.securityfocus.com/archive/1/535822/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-4464

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect