PT-2020-12769 · Castel · Castel Nextgen Dvr

Published: 2020-06-04 · Updated: 2020-06-10 · CVE-2020-11681

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Castel NextGen DVR version 1.0.0

Description: Credentials for the associated SMTP server are stored and displayed in cleartext, and low-privileged users can exploit this. This can be used to create an administrator user and obtain the SMTP credentials.

Recommendations: For Castel NextGen DVR version 1.0.0, consider restricting access to the SMTP server configuration to prevent low-privileged users from exploiting the cleartext credentials. As a temporary workaround, limit the creation of new administrator users until a fix is available.

Fix

Insufficiently Protected Credentials


Weakness Enumeration

Related Identifiers

CVE-2020-11681

Affected Products

Castel Nextgen Dvr