CVE-2020-11681

Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.

FULLDISC: http://seclists.org/fulldisclosure/2020/Jun/8
MISC: http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html
MISC: https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11681

14 years
257 countries
714k users
4674k calculations
Logo blog.camcloud.com
Logo www.a1securitycameras.com
Logo ru.kedacom.com
Logo ipcamtalk.com
Logo zoneway.cz
Logo www.inv-technology.com