PT-2020-2349 · Siemens · Sinvr/Sivms Video Server

Published 2020-03-10 · Updated 2024-01-09 · CVE-2019-19299

CVSS v2.0 7.8 High

Vector AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SiNVR/SiVMS Video Server versions prior to V5.0.0
SiNVR/SiVMS Video Server versions V5.0.0 through V5.0.1

Description

A vulnerability has been identified in the streaming service of the SiVMS/SiNVR Video Server, which applies weak cryptography when exposing device passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks. The issue is related to the default port 5410/tcp.

Recommendations

For versions prior to V5.0.0, update to version V5.0.0 or later. For versions V5.0.0 through V5.0.1, update to version V5.0.2 or later. As a temporary workaround, consider restricting access to the streaming service on port 5410/tcp to minimize the risk of exploitation.

Fix

Weakness Enumeration

Inadequate Encryption Strength

Related Identifiers

BDU:2020-02317
CVE-2019-19299

Affected Products

Sinvr/Sivms Video Server