Details of VAR-201610-0706

ID

VAR-201610-0706

TITLE

Cross-site request forgery (CSRF) vulnerability exists in AVTECH devices

Trust: 0.6

sources: CNVD: CNVD-2016-08706

DESCRIPTION

AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. A cross-site request forgery (CSRF) vulnerability exists in AVTECH devices. The attacker successfully exploited the vulnerability to modify the device configuration.

Trust: 0.6

sources: CNVD: CNVD-2016-08706

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-08706

AFFECTED PRODUCTS

vendor:	avtech	model:	dvr	scope:	-	version:	-	Trust: 0.6
vendor:	avtech	model:	nvr	scope:	-	version:	-	Trust: 0.6
vendor:	avtech	model:	ip camera	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-08706

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-08706
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2016-08706
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-08706

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-08706

Trust: 0.6

sources: CNVD: CNVD-2016-08706

REFERENCES

url:	http://seclists.org/bugtraq/2016/oct/26	Trust: 0.6
url:	http://www.search-lab.hu/advisories/126-avtech-devices-multiple-vulnerabilities	Trust: 0.6

sources: CNVD: CNVD-2016-08706

SOURCES

db:

CNVD

id:

CNVD-2016-08706

LAST UPDATE DATE

2022-05-04T10:04:52.956000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-08706

date:

2016-10-12T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-08706

date:

2016-10-12T00:00:00