Authentication Bypass in Sony Video Conferencing Devices
CVE-2016-7830

8.8HIGH

Key Information:

Vendor: Sony Corporation
Status: Pcs-xg100; Pcs-xg100s; Pcs-xg100c; Pcs-xg77
Vendor: CVE Published:; 9 June 2017

🔔 Create Sony Corporation Vulnerability Alert

What is CVE-2016-7830?

Several Sony video conferencing devices, including models PCS-XG100 and PCS-XC1, are susceptible to an authentication bypass. An attacker on the same network segment can exploit this vulnerability to execute administrative operations without proper authorization. Devices must have firmware updated to at least Ver.1.51 for PCS-XG series and Ver.1.22 for PCS-XC1 to mitigate this risk. Failure to address this issue may lead to unauthorized access and potential compromise of sensitive communications.

Affected Version(s)

PCS-XC1 firmware version prior to Ver.1.22

PCS-XG100 firmware versions prior to Ver.1.51

PCS-XG100C firmware versions prior to Ver.1.51

References

https://www.sony.co.uk/pro/support/attachment/12374944318...

x_refsource_CONFIRM

https://jvn.jp/en/jp/JVN42070907/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2017
Vulnerability Reserved
Sep 9, 2016