CVE-2020-11681

Опубликовано: 04 июн. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 4

EPSS Низкий

Описание

Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.

Ссылки

http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jun/8
Mailing List
Third Party Advisory
https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass
Third Party Advisory
http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jun/8
Mailing List
Third Party Advisory
https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:castel:nextgen_dvr_firmware:1.0.0:*:*:*:*:*:*:*

cpe:2.3:h:castel:nextgen_dvr:-:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00258

Низкий

8.1 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-p6qr-x996-pvwx

github

больше 3 лет назад