Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| huntcctv | dvr-16ch_firmware | - |
| huntcctv | dr6-7316a4hl_firmware | - |
| huntcctv | dvr-08nc_firmware | - |
| huntcctv | dvr-04nc_firmware | - |
| vsp | tw-dvr604_firmware | - |
| huntcctv | hdr-08kd_firmware | - |
| huntcctv | dr6-704a4h_firmware | - |
| novuscctv | nv-dvr1204_firmware | - |
| hachi | hv-08rd_pro_firmware | - |
| capturecctv | cdr_0410ve_firmware | - |
| capturecctv | cdr_0820vde_firmware | - |
| novuscctv | nv-dvr1208_firmware | - |
| novuscctv | nv-dvr1216_firmware | - |
| huntcctv | dr6-708a4h_firmware | - |
| huntcctv | dvr-04ch_firmware | - |
| vsp | tw-dvr616_firmware | - |
| huntcctv | dvr-08ch_firmware | - |
| hachi | hv-04rd_pro_firmware | - |
| huntcctv | dr6-7316a4h_firmware | - |
| huntcctv | hdr-04kd_firmware | - |