CVE-2016-4520
First published: Fri Jul 15 2016(Updated: )
Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pelco Digital Sentry | <=7.6.32.9203 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4520?
CVE-2016-4520 is considered a critical vulnerability due to hardcoded credentials allowing remote code execution.
How do I fix CVE-2016-4520?
To mitigate CVE-2016-4520, upgrade to firmware version 7.14 or later that eliminates the hardcoded credentials.
What are the potential risks of CVE-2016-4520?
The risks associated with CVE-2016-4520 include unauthorized access and the execution of arbitrary code by remote attackers.
Which versions of Pelco Digital Sentry are affected by CVE-2016-4520?
CVE-2016-4520 affects Schneider Electric Pelco Digital Sentry Video Management System firmware versions prior to 7.14.
Who is affected by CVE-2016-4520?
Organizations using compromised versions of the Pelco Digital Sentry Video Management System are affected by CVE-2016-4520.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/severity
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/pelco digital sentry
- version/pelco digital sentry/7.6.32.9203