QwikSec

Security Database

CVE

CWE

Training

CVE-2020-11680

Published: Jun 4, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass

x_refsource_MISC

20200605 Castel NextGen DVR multiple CVEs

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.