Описание
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
Ссылки
EPSS
Процентиль: 29%
0.00107
Низкий
Дефекты
CWE-290
Связанные уязвимости
github
7 месяцев назад
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
EPSS
Процентиль: 29%
0.00107
Низкий
Дефекты
CWE-290