PT-2023-5879 · Qognify · Qognify Nicevision
Roni Gavrilov · Published 2023-10-05 · Updated 2023-10-10 · CVE-2023-2306
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Qognify NiceVision versions 3.1 and prior
Description
The product uses hard-coded credentials. An attacker can exploit them to retrieve sensitive information about the cameras managed by the platform and about its users, and to modify database records.
Recommendations
For Qognify NiceVision versions 3.1 and prior, consider changing the hard-coded credentials to unique, secure credentials to prevent unauthorized access. As a temporary workaround, restrict access to the system to minimize the risk of exploitation. Update to a version that does not use hard-coded credentials, if available.
Fix
Using Hardcoded Credentials
Affected Products
Qognify Nicevision