PT-2020-2347 · Siemens · SiNVR/SiVMS Video Server

Published: 2020-03-10 · Updated: 2024-01-09 · CVE-2019-19297

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SiNVR/SiVMS Video Server versions prior to V5.0.0

Description

A path traversal vulnerability has been identified in the streaming service of the SiVMS/SiNVR Video Server. Because the service does not correctly restrict path names to a directory with limited access, an unauthenticated remote attacker could access and download arbitrary files from the server and thereby obtain protected information.

Recommendations

For versions prior to V5.0.0, update to version V5.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the streaming service on the default port 5410/tcp to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2020-02315
CVE-2019-19297

Affected Products

SiNVR/SiVMS Video Server