PT-2018-10046 · Night Owl+6

Capitan Alfalo

Published: 2018-05-02 · Updated: 2019-10-03 · CVE-2018-10676

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CeNova versions (affected versions not specified)
Night OWL versions (affected versions not specified)
Novo versions (affected versions not specified)
Pulnix versions (affected versions not specified)
QSee versions (affected versions not specified)
Securus versions (affected versions not specified)
TBK Vision DVR devices versions (affected versions not specified)

Description

The issue allows remote attackers to download a file and obtain sensitive credential information via a direct request for the "download.rsp" URI.

Recommendations

For CeNova, consider restricting access to the "download.rsp" URI until a fix is available.
For Night OWL, avoid using the download functionality until the issue is resolved.
For Novo, restrict access to sensitive credential information to minimize the risk of exploitation.
For Pulnix, consider disabling the download feature temporarily as a workaround.
For QSee, limit access to the download.rsp URI to prevent unauthorized file downloads.
For Securus, as a temporary workaround, consider blocking direct requests for the download.rsp URI.
For TBK Vision DVR devices, restrict access to sensitive areas of the device to prevent exploitation.


Related Identifiers

CVE-2018-10676

Affected Products

Cenova
Night Owl
Novo
Pulnix
Qsee
Securus
Tbk Vision Dvr