CVE-2024-45175

Name of the Vulnerable Software and Affected Versions za-internet C-MOR Video Surveillance version 5.2401

Description An issue was discovered where sensitive information, such as login credentials of cameras, is stored in cleartext. This allows an attacker with filesystem access, potentially gained through exploiting a path traversal attack, to access the login data of all configured cameras or the configured FTP server.

Recommendations For za-internet C-MOR Video Surveillance version 5.2401, consider restricting filesystem access to minimize the risk of exploitation. As a temporary workaround, restrict access to sensitive information storage until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.