CVE-2020-11681

Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.

FULLDISC: http://seclists.org/fulldisclosure/2020/Jun/8
MISC: http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html
MISC: https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11681

14 years
257 countries
702k users
4619k calculations
Logo sectech.co.nz
Logo zoneway.cz
Logo ru.kedacom.com
Logo www.kelcom.cz
Logo www.elsec.cz
Logo www.i4wifi.cz