CVE-2016-2360
Published 2019-10-25
CVE-2016-2360: Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
Priority: P3 · 50 · critical · 9.8 (CVSS 3.1)
AV:N AC:L PR:N UI:N S:U C:H I:H A:H
EPSS: 2.06% (79.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| milesight | ip_security_camera_firmware | <= 2016-11-14 | — |
| milesight | ip_security_cameras | — | — |
CVSS provenance
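| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | | 9.8 | CRITICAL | |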
GHSA
GHSA-6h4r-4p84-m69q: Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installation
ghsa_unreviewed·2022-05-24
CVE-2016-2360 [CRITICAL] CWE-798 GHSA-6h4r-4p84-m69q: Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installation
Red Hat
JGroups: Authorization bypass
vendor_redhat·2016-06-23·CVSS 9.8
CVE-2016-2141 [CRITICAL] JGroups: Authorization bypass
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
Mitigation: Please refer to https://access.redhat.com/articles/2360
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://kirils.org/slides/2016-10-06_Milesight_initial.pdf
https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/
https://www.youtube.com/watch?v=scckkI7CAW0
Published: 2019-10-25