CVE-2020-36925

Summary

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.

Affected Software

VendorProductVersion RangeStatus
Arteco-GlobalArteco Web Client DVR/NVRUnknownaffected

Weaknesses

  • CWE-331: Insufficient Entropy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References