CVE-2020-11681

Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.

FULLDISC: http://seclists.org/fulldisclosure/2020/Jun/8
MISC: http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html
MISC: https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11681

15 years
257 countries
739k users
4799k calculations
Logo ipcamtalk.com
Logo reolink.com
Logo ru.kedacom.com
Logo www.kelcom.cz
Logo www.elsec.cz
Logo www.eleksys.cz