CVE-2019-18339

Name of the Vulnerable Software and Affected Versions SiNVR/SiVMS Video Server versions prior to V5.0.0

Description A vulnerability has been identified in the HTTP service of the SiVMS/SiNVR Video Server, which contains an authentication bypass issue. This allows a remote attacker with network access to the Video Server to exploit the vulnerability and read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.

Recommendations For versions prior to V5.0.0, update to version V5.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP service on the default port 5401/tcp to minimize the risk of exploitation.