Detections
Analytics

Sony IP Cameras Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-7834)

high Tenable OT Security Plugin ID 505204

Synopsis

The remote OT asset is affected by a vulnerability.

Description

SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC- EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC- ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC- ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC- CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC- EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

https://jvn.jp/en/vu/JVNVU96435227/index.html

http://www.nessus.org/u?939124b7

Plugin Details

Severity: High

ID: 505204

File Name: tenable_ot_sony_CVE-2016-7834.nasl

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 3/3/2026

Updated: 3/4/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-7834

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:sony:snc-dh220t:-, cpe:/h:sony:snc-xm631l:-, cpe:/h:sony:snc-em630:-, cpe:/h:sony:snc-er521:-, cpe:/h:sony:snc-vb600b5:-, cpe:/h:sony:snc-vm631:-, cpe:/h:sony:snc-wr630:-, cpe:/h:sony:snc-zr550:-, cpe:/h:sony:snc-wr602cl:-, cpe:/h:sony:snc-eb602r:-, cpe:/h:sony:snc-ep521:-, cpe:/h:sony:snc-dh260:-, cpe:/h:sony:snc-ch120:-, cpe:/h:sony:snc-zm551:-, cpe:/h:sony:snc-em600:-, cpe:/h:sony:snc-vb600l:-, cpe:/h:sony:snc-vm6305:-, cpe:/h:sony:snc-ch260:-, cpe:/h:sony:snc-vb600b:-, cpe:/h:sony:snc-xm632:-, cpe:/h:sony:snc-vm600l:-, cpe:/h:sony:snc-er585h:-, cpe:/h:sony:snc-vm630:-, cpe:/h:sony:snc-vm600:-, cpe:/h:sony:snc-em602rc:-, cpe:/h:sony:snc-vm600b5:-, cpe:/h:sony:snc-wr602:-, cpe:/h:sony:snc-em631:-, cpe:/h:sony:snc-vb600:-, cpe:/h:sony:snc-xm637:-, cpe:/h:sony:snc-wr632c:-, cpe:/h:sony:snc-zp550:-, cpe:/h:sony:snc-ep580:-, cpe:/h:sony:snc-ep520:-, cpe:/h:sony:snc-zb550:-, cpe:/h:sony:snc-er521c:-, cpe:/h:sony:snc-eb600:-, cpe:/h:sony:snc-vb630:-, cpe:/h:sony:snc-eb520:-, cpe:/h:sony:snc-vm601b:-, cpe:/h:sony:snc-ch220:-, cpe:/h:sony:snc-xm636:-, cpe:/h:sony:snc-eb630b:-, cpe:/h:sony:snc-eb630:-, cpe:/h:sony:snc-vb6305:-, cpe:/h:sony:snc-em632rc:-, cpe:/h:sony:snc-eb632r:-, cpe:/h:sony:snc-vm601:-, cpe:/h:sony:snc-wr632:-, cpe:/h:sony:snc-ep550:-, cpe:/h:sony:snc-vm6307:-, cpe:/h:sony:snc-ch160:-, cpe:/h:sony:snc-em521:-, cpe:/h:sony:snc-em520:-, cpe:/h:sony:snc-eb600b:-, cpe:/h:sony:snc-er550c:-, cpe:/h:sony:snc-vm602r:-, cpe:/h:sony:snc-er580:-, cpe:/h:sony:snc-dh220:-, cpe:/h:sony:snc-er550:-, cpe:/h:sony:snc-vb632d:-, cpe:/h:sony:snc-cx600:-, cpe:/h:sony:snc-xm631:-, cpe:/h:sony:snc-dh120t:-, cpe:/h:sony:snc-cx600w:-, cpe:/h:sony:snc-wr600:-, cpe:/h:sony:snc-dh120:-, cpe:/h:sony:snc-em601:-, cpe:/h:sony:snc-vm600b:-, cpe:/h:sony:snc-zm550:-, cpe:/h:sony:snc-ch115:-, cpe:/h:sony:snc-er520:-, cpe:/h:sony:snc-vb6307:-, cpe:/h:sony:snc-vb635:-, cpe:/h:sony:snc-em632r:-, cpe:/h:sony:snc-wr602c:-, cpe:/h:sony:snc-er585:-, cpe:/h:sony:snc-vm632r:-, cpe:/h:sony:snc-em602r:-, cpe:/h:sony:snc-dh160:-

Required KB Items: Tenable.ot/Sony

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2017

Vulnerability Publication Date: 4/13/2017

Reference Information

CVE: CVE-2016-7834

CWE: 200