PT-2022-22195 · Digital Watchdog · Dw Megapix Ip Cameras

Secgrant

Published

2022-07-19

Updated

2022-07-27

CVE-2022-34536

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029

Description The issue allows attackers to access the core log file and perform session hijacking via a crafted session token.

Recommendations For Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029, as a temporary workaround, consider restricting access to the core log file until a patch is available. Avoid using crafted session tokens in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2022-34536

Affected Products

Dw Megapix Ip Cameras

PT-2022-22195 · Digital Watchdog · Dw Megapix Ip Cameras

CVE-2022-34536

Weakness Enumeration

Related Identifiers

Affected Products

References · 6