CVE-2017-14263

Name of the Vulnerable Software and Affected Versions Honeywell NVR devices (affected versions not specified)

Description The issue allows remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the "/RPC2" URI. This enables the attacker to login to the device with the new user account and gain full control of the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.