ID
VAR-201610-0715
TITLE
AVTECH device login parameter exists login verification code bypass vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2016-08739
DESCRIPTION
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. There is a login verification code bypass vulnerability in the AVTECH device login parameter. When the login request contains the login=quick parameter, the attacker can use the vulnerability to bypass the verification code and use the brute force method to obtain the system login password.
Trust: 0.6
sources:
CNVD: CNVD-2016-08739
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08739
AFFECTED PRODUCTS
| vendor: | avtech | model: | dvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | nvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | ip camera | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08739
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2016-08739
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2016-08739 | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08739
REFERENCES
| url: | http://seclists.org/bugtraq/2016/oct/26 | Trust: 0.6 |
| url: | http://www.search-lab.hu/advisories/126-avtech-devices-multiple-vulnerabilities | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08739
SOURCES
| db: | CNVD | id: | CNVD-2016-08739 |
LAST UPDATE DATE
2022-05-04T09:57:01.530000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-08739 | date: | 2016-10-13T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-08739 | date: | 2016-10-12T00:00:00 |