ID:4807 - Exploit for Improper Authentication in AVTECH Corporation products

 
Published: November 9, 2020


Vulnerability identifier: #VU48223
Vulnerability risk: Medium
CVE-ID: N/A
CWE-ID: CWE-287
Exploitation vector: Remote access
Vulnerable software:
IP camera
DVR
NVR

Vulnerability description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because the application allows unauthenticated requests to scripts if the request URI contains the string ".cab" or "/nobody". A remote unauthenticated attacker can append ".cab" or "/nobody" to the URL, bypass the authentication process and gain unauthorized access to the application, as well as download the source code of scripts on the device.
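Because the bypass depends on a marker string appearing in the request URI, it leaves a trace in web or reverse-proxy access logs. The following detection sketch is an added example, not part of the original advisory or any vendor code. It assumes Common Log Format, assumes device scripts end in `.cgi`, and uses hypothetical paths and constructed log lines.

```python
import re
from urllib.parse import unquote

# Markers named in the advisory: a URI containing either one skips authentication.
BYPASS_MARKERS = (".cab", "/nobody")
# Assumption: device scripts are identified by a ".cgi" path component.
SCRIPT_END = re.compile(r"\.cgi(?=[/?]|$)")
# Common Log Format: host ident user [time] "METHOD URI PROTO" status size
CLF = re.compile(r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                 r'"[A-Z]+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+')

def classify(line):
    """Return a finding for a script request carrying a marker after the script name."""
    m = CLF.match(line)
    if not m:
        return None
    uri = unquote(m["uri"]).lower()      # decode %2E etc. before matching
    script = SCRIPT_END.search(uri)
    if not script:
        return None                      # not a script request (e.g. a real .cab download)
    tail = uri[script.end():]            # extra path info and query string
    markers = [k for k in BYPASS_MARKERS if k in tail]
    if not markers:
        return None
    return {
        "host": m["host"],
        "uri": m["uri"],
        "markers": markers,
        # No authenticated user plus a 2xx status suggests the bypass worked.
        "unauth_success": m["user"] == "-" and m["status"].startswith("2"),
    }

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - admin [09/Nov/2020:10:00:00 +0000] "GET /cgi-bin/example/status.cgi HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Nov/2020:10:00:05 +0000] "GET /cgi-bin/example/config.cgi?action=get&x=/nobody HTTP/1.1" 200 2048',
    '198.51.100.7 - - [09/Nov/2020:10:00:09 +0000] "GET /cgi-bin/example/config.cgi?x=%2Ecab HTTP/1.1" 401 0',
    '192.0.2.10 - - [09/Nov/2020:10:01:00 +0000] "GET /plugins/viewer.cab HTTP/1.1" 200 90000',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with `unauth_success` set are the ones to triage first; the others show probing that the device or an upstream control rejected.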


Remediation

Install updates from the vendor's website.