The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting SONY Network Cameras.
Technical Details
The SONY Network Camera SNC series (including models SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N, SNC-RX570N, and others) is affected by a critical security vulnerability caused by the use of hard-coded default credentials (admin:admin) in the administrative interface. Attackers can exploit this flaw to gain full administrative control over the device by leveraging the unmodified default credentials to access privileged management interfaces.
Firmware versions are affected if they either do not require a credential change upon first login or continue to allow the use of default credentials (e.g., admin/admin). Although the specific impacted versions may differ by model, all confirmed vulnerable cases were found running firmware earlier than version 1.30.
The administrative interface is accessible through multiple ports (e.g., 8000, 8080, 1025, 3333, etc.), depending on the device’s configuration, and is reachable via different web paths that vary across device subseries.
Examples of vulnerable paths include:
• /adm/file.cgi?next_file=setting.htm
• /en/l4/advance.html
• /home/l4/admin_top2.html
• other device-specific administrative URLs
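A defender-side detection for this exposure, added here as an example and not part of the DSA report: it parses constructed Zeek-style http.log lines and flags requests to the camera admin ports and paths listed above that used the default admin account, noting when the source lies outside an assumed management subnet (10.0.50.0/24; every host address and the subnet are made up).

```python
"""Flag requests to SONY SNC camera admin interfaces that used the default
'admin' account, from Zeek-style http.log lines (tab-separated).
Constructed sample data; added example, not part of the original advisory."""
import ipaddress
from dataclasses import dataclass

# Admin ports and web paths named in the advisory.
ADMIN_PORTS = {8000, 8080, 1025, 3333}
ADMIN_PATHS = ("/adm/file.cgi", "/en/l4/advance.html", "/home/l4/admin_top2.html")
# Assumption: camera management is done only from this subnet.
MGMT_NET = ipaddress.ip_network("10.0.50.0/24")

# Constructed log excerpt: ts, src, dst, dst_port, method, uri, basic-auth user
SAMPLE_LOG = """\
1716500001.1\t10.0.50.7\t10.0.60.21\t8080\tGET\t/adm/file.cgi?next_file=setting.htm\tadmin
1716500002.2\t10.0.50.7\t10.0.60.21\t8080\tGET\t/image\t-
1716500003.3\t203.0.113.9\t10.0.60.22\t3333\tGET\t/en/l4/advance.html\tadmin
1716500004.4\t10.0.20.5\t10.0.60.23\t1025\tPOST\t/home/l4/admin_top2.html\tadmin
1716500005.5\t10.0.20.5\t10.0.60.23\t80\tGET\t/index.html\t-
"""

@dataclass
class Finding:
    src: str
    dst: str
    port: int
    uri: str
    reason: str

def parse_line(line):
    """Split one tab-separated record into its fields (port as int)."""
    ts, src, dst, port, method, uri, user = line.rstrip("\n").split("\t")
    return src, dst, int(port), method, uri, user

def analyze(log_text):
    """Return a Finding for each admin-interface request made as 'admin'."""
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        src, dst, port, method, uri, user = parse_line(line)
        if port not in ADMIN_PORTS or not uri.startswith(ADMIN_PATHS):
            continue  # not a request to a camera admin interface
        if user != "admin":
            continue  # default account not involved
        reason = "default admin account used on camera admin interface"
        if ipaddress.ip_address(src) not in MGMT_NET:
            reason += "; source outside management subnet"
        findings.append(Finding(src, dst, port, uri, reason))
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.src} -> {f.dst}:{f.port} {f.uri}: {f.reason}")
```

A hit from inside the management subnet still means the default account is in use and the device should be moved to the fixed firmware and re-credentialed; a hit from outside it warrants incident handling.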
Exploiting the vulnerability successfully enables attackers to:
1. Change administrative passwords, granting them continued unauthorized access.
2. Reconfigure network settings (such as DNS or IP parameters), which can be used to launch man-in-the-middle attacks or pivot within the network.
3. Access sensitive device data or firmware, potentially supporting further reverse engineering efforts.
Affected Products:
The following products with firmware versions prior to 1.30:
• SONY Network Camera SNC-M1
• SONY Network Camera SNC-M3
• SONY Network Camera SNC-RZ25N
• SONY Network Camera SNC-RZ30N
• SONY Network Camera SNC-DS10
• SONY Network Camera SNC-CS3N
• SONY Network Camera SNC-RX570N
• Other SNC series devices using default credentials
Recommendations
The Digital Security Authority recommends upgrading firmware to a version later than 1.30 and changing default credentials.
References
The information presented in this report is based on available data up to the 24th of May 2025.