CVE-2023-3805

Name of the Vulnerable Software and Affected Versions Xiamen Four Letter Video Surveillance Management System versions up to 20230712

Description A critical issue has been found in the library UserInfoAction.class of the component Login, affecting some unknown processing. This leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For Xiamen Four Letter Video Surveillance Management System versions up to 20230712, consider disabling the Login component or restricting access to the UserInfoAction.class library until a patch is available. As a temporary workaround, restrict the use of the Login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.