CVE-2020-11682
- EPSS 0.17%
- Veröffentlicht 04.06.2020 20:15:11
- Zuletzt bearbeitet 21.11.2024 04:58:23
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token...
CVE-2020-11679
- EPSS 0.19%
- Veröffentlicht 04.06.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:23
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to...
CVE-2020-11680
- EPSS 0.19%
- Veröffentlicht 04.06.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:23
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not li...
CVE-2020-11681
- EPSS 0.26%
- Veröffentlicht 04.06.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:23
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.