CVE-2020-11681

Published: Jun 4, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass

x_refsource_MISC

20200605 Castel NextGen DVR multiple CVEs

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-11681

Description

Affected Products

References