PT-2020-2442 · Sinvr · Sinvr 3 Central Control Server
Published: 2020-03-10 · Updated: 2024-01-09 · CVE-2019-19290
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SiNVR 3 Central Control Server (CCS) versions prior to V1.5.0
SiNVR 3 Video Server (all versions)
Description
A path traversal vulnerability exists in the DOWNLOADS section of the web interface of the Control Center Server (CCS). The web interface does not correctly restrict file paths, which could allow an authenticated remote attacker to access the file system of the server where CCS is installed and download arbitrary files from it, and potentially to carry out other malicious actions.
Recommendations
For SiNVR 3 Central Control Server (CCS) versions prior to V1.5.0, update to version V1.5.0 or later to resolve the issue.
For SiNVR 3 Video Server, there is currently no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting access to the DOWNLOADS section in the web interface of the Control Center Server (CCS) to minimize the risk of exploitation.
Path traversal
Affected Products
Sinvr 3 Central Control Server
Sinvr 3 Video Server