PT-2020-12734 · Avertx · Avertx Auto Focus Night Vision Hd Indoor/Outdoor Ip Dome Camera Hd838+1

Published: 2020-07-23 · Updated: 2020-07-29 · CVE-2020-11624

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 (affected versions not specified)
AvertX Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438 (affected versions not specified)

Description

The issue concerns the lack of enforcement for changing the default password for the admin account. Although a pop-up window suggests changing the password, an administrator can click Cancel and proceed without making any changes. Furthermore, the default username is disclosed within the login.js script. This makes the devices an easy target for malicious actors, as many IoT device attacks rely on default credentials.

Recommendations

For AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838, consider changing the default admin password immediately to prevent unauthorized access. For AvertX Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438, change the default admin password as soon as possible to minimize the risk of exploitation. As a temporary workaround, restrict access to the login.js script to prevent disclosure of the default username until a more permanent solution is available.

Related Identifiers

CVE-2020-11624

Affected Products

Avertx Auto Focus Night Vision Hd Indoor/Outdoor Ip Dome Camera Hd838
Avertx Night Vision Hd Indoor/Outdoor Mini Ip Bullet Camera Hd438