ID
VAR-201610-0728
TITLE
AVTECH Device Cookie Has Login Verification Code Bypass Vulnerability
Trust: 0.6
DESCRIPTION
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. There is a login verification code bypass vulnerability in AVTECH device cookies. The AVTECH device uses the base64 encoded username and password as the value of the cookie instead of the random session ID. When the logged in user's IP address is not stored, the attacker exploits the vulnerability to manually set the cookie value, bypassing the login verification code verification.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | avtech | model: | dvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | nvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | ip camera | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2016-08740 | Trust: 0.6 |
REFERENCES
| url: | http://seclists.org/bugtraq/2016/oct/26 | Trust: 0.6 |
| url: | http://www.search-lab.hu/advisories/126-avtech-devices-multiple-vulnerabilities | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2016-08740 |
LAST UPDATE DATE
2022-05-04T10:16:22.735000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-08740 | date: | 2016-10-13T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-08740 | date: | 2016-10-13T00:00:00 |