CVE-2015-4464
CRITICAL EXPLOITEDKguard Digital Video Recorder 104 and 108 - Improper Authentication
Title source: llmExploitation Summary
CVE-2015-4464 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server.
References (4)
Core 4
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535822/100/0/threaded
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73032
Scores
CVSS v3
9.8
EPSS
0.0466
EPSS Percentile
90.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2019-01-01
CWE
CWE-287
Status
published
Products (2)
kguardsecurity/kg-sha104_firmware
2.0
kguardsecurity/kg-sha108_firmware
2.0
Published
Aug 18, 2017
Tracked Since
Feb 18, 2026