CVE-2015-4464
Published 2017-08-18
CVE-2015-4464: Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server.
Priority: P278 · critical · 9.8 · CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 4.66% (90.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kguardsecurity | kg-sha104_firmware | — | — |
| kguardsecurity | kg-sha108_firmware | — | — |
CVSS provenance
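| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |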
GHSA
GHSA-j4pr-v554-qjg5: Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server
ghsa_unreviewed·2022-05-14
CVE-2015-4464 [CRITICAL] CWE-287 GHSA-j4pr-v554-qjg5: Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server
Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server.
VulnCheck
kguardsecurity kg-sha104_firmware Improper Authentication
vulncheck·2015·CVSS 9.8
CVE-2015-4464 [CRITICAL] kguardsecurity kg-sha104_firmware Improper Authentication
Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server.
Affected: kguardsecurity kg-sha104_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_02B-3_Herwig_paper.pdf; https://www.researchgate.net/publication/348602660_An_analysis_of_the_use_of_CVEs_by_IoT_malware
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html
http://www.securityfocus.com/archive/1/535822/100/0/threaded
http://www.securityfocus.com/bid/73032
https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities
Published: 2017-08-18
Exploited in the wild