CVE-2019-13352

Name of the Vulnerable Software and Affected Versions WolfVision Cynap versions prior to 1.30j

Description The issue concerns the use of a static, hard-coded cryptographic secret for generating support PINs in the 'forgot password' feature. An attacker who knows this secret and the corresponding algorithm can reset the ADMIN password, thereby gaining remote access.

Recommendations For versions prior to 1.30j, update to version 1.30j or later to resolve the issue. As a temporary workaround, consider restricting access to the 'forgot password' feature until the update is applied.