exploitDog

CVE-2020-7222

Опубликовано: 18 янв. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them).

Ссылки

https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html
Exploit
Third Party Advisory
https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:amcrest:web_server:2.520.ac00.18.r:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00257

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-4xwf-xm4x-8cjg

CVSS3: 5.3

github

больше 3 лет назад

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them).

EPSS

Процентиль: 49%

0.00257

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287