CVE-2020-11681
N/A
N/A
Summary
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass
- http://seclists.org/fulldisclosure/2020/Jun/8
- http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html
References
- https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass
- http://seclists.org/fulldisclosure/2020/Jun/8
- http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.