| Title | sony Network Camera SNC <=1.30 Use of Default Credentials |
|---|
| Description | # Sony SNC Network Cameras Default Credentials Vulnerability
## 1. CWE Type:
**CWE-1392: Use of Default Credentials**
---
## 2. Vulnerability Description
The SONY Network Camera SNC series (including models SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N, SNC-RX570N, and others) is affected by a critical security vulnerability caused by the use of hard-coded default credentials (admin:admin) in the administrative interface. Attackers can exploit this flaw to gain full administrative control over the device by leveraging the unmodified default credentials to access privileged management interfaces.
The administrative interface is exposed over multiple ports (e.g., 8000, 8080, 1025, 3333, etc., depending on device configuration) and is accessible through varying web paths specific to different device subseries. Examples of vulnerable paths include:
* /adm/file.cgi?next_file=setting.htm
* /en/l4/advance.html
* /home/l4/admin_top2.html
* other device-specific administrative URLs
Successful exploitation allows attackers to:
1. Modify administrative passwords, enabling persistent unauthorized access.
2. Alter network configurations (e.g., DNS, IP settings), facilitating man-in-the-middle attacks or network pivoting.
3. Extract sensitive device information or firmware for further reverse engineering.
This vulnerability arises from the manufacturer’s failure to enforce credential changes during initial device setup or through post-deployment security updates. Devices remain vulnerable unless default credentials are manually changed by the user.
**Impact:**
* Full compromise of device integrity and configuration.
* Unauthorized access to connected networks or adjacent systems.
* Potential abuse as an attack vector in botnets or surveillance campaigns.
**Affected Products:**
* SONY Network Camera SNC-M1
* SONY Network Camera SNC-M3
* SONY Network Camera SNC-RZ25N
* SONY Network Camera SNC-RZ30N
* SONY Network Camera SNC-DS10
* SONY Network Camera SNC-CS3N
* SONY Network Camera SNC-RX570N
* Other SNC series devices using default credentials
Affected firmware versions are those that do not enforce credential changes on first login or allow default credentials (admin/admin) to persist. While exact version coverage may vary by model, all known vulnerable instances were observed running firmware prior to version 1.30.
A number of Sony SNC cameras were found accessible over the internet at the following IP addresses:
http://x.x.x.x:9000/
http://x.x.x.x:9000/
http://x.x.x.x:8000/
http://x.x.x.x:3333/
http://x.x.x.x:1025/
http://x.x.x.x:8080/
http://x.x.x.x:1400/
http://x.x.x.x/
http://x.x.x.x/
|
|---|
| Source | ⚠️ https://github.com/zeke2997/CVE_request_Sony |
|---|
| User | zeke (UID 84610) |
|---|
| Submission | 04/24/2025 12:18 (12 months ago) |
|---|
| Moderation | 05/23/2025 19:58 (29 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310203 [Sony SNC-M1 up to 1.30 Administrative Interface default credentials] |
|---|
| Points | 20 |
|---|