Vulnerability Description
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Castel | Nextgen Dvr Firmware | 1.0.0 |
| Castel | Nextgen Dvr | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRFThird Party Advisory
- http://seclists.org/fulldisclosure/2020/Jun/8Mailing ListThird Party Advisory
- https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypasThird Party Advisory
- http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRFThird Party Advisory
- http://seclists.org/fulldisclosure/2020/Jun/8Mailing ListThird Party Advisory
- https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypasThird Party Advisory
FAQ
What is CVE-2020-11680?
CVE-2020-11680 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a nor...
How severe is CVE-2020-11680?
CVE-2020-11680 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11680?
Check the references section above for vendor advisories and patch information. Affected products include: Castel Nextgen Dvr Firmware, Castel Nextgen Dvr.