QwikSec

Security Database

CVE

CWE

Training

CVE-2020-11679

Published: Jun 4, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass

x_refsource_MISC

20200605 Castel NextGen DVR multiple CVEs

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.