PT-2020-19475 · Amcrest · Amcrest Web Server

Published: 2020-01-17 · Updated: 2020-01-29 · CVE-2020-7222

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Amcrest Web Server version 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504

Description

An issue was discovered in the login page of the Amcrest Web Server: the server responds with JavaScript when a user attempts to authenticate. An attacker can bypass authentication by modifying the result parameter in the JavaScript code to true, gaining limited privileges. This allows the attacker to view every option but not modify them.

Recommendations

For Amcrest Web Server version 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504, as a temporary workaround, consider restricting access to the login page until a patch is available. To prevent exploitation, avoid using the modified result parameter in the JavaScript code. At the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2020-7222

Affected Products

Amcrest Web Server