.. / CVE-2016-7834

Exploit for Sony IPELA Engine IP Camera - Hardcoded Account (CVE-2016-7834)

Description:

Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials.

Nuclei Template

View the template here CVE-2016-7834.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-7834.yaml

References:

https://sec-consult.com/vulnerability-lab/advisory/backdoor-vulnerability-in-sony-ipela-engine-ip-cameras/
https://nvd.nist.gov/vuln/detail/CVE-2016-7834
https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras
https://www.bleepingcomputer.com/news/security/backdoor-found-in-80-sony-surveillance-camera-models/
https://jvn.jp/en/vu/JVNVU96435227/index.html