ID
VAR-201610-0733
TITLE
HTTPS Protocol Certificate Validation Vulnerability in AVTECH Devices
Trust: 0.6
DESCRIPTION
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. The HTTPTECH device has a HTTPS protocol certificate validation vulnerability. The SyncCloudAccount.sh, QueryFromClient.sh, and SyncPermit.sh scripts use wget to access the HTTPS website. By specifying the no-check-certificate parameter, an attacker exploits a vulnerability to bypass server certificate verification for a man-in-the-middle attack on HTTPS traffic.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | avtech | model: | dvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | nvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | ip camera | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2016-08744 | Trust: 0.6 |
REFERENCES
| url: | http://seclists.org/bugtraq/2016/oct/26 | Trust: 0.6 |
| url: | http://www.search-lab.hu/advisories/126-avtech-devices-multiple-vulnerabilities | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2016-08744 |
LAST UPDATE DATE
2022-05-04T09:11:45.702000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-08744 | date: | 2016-10-13T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-08744 | date: | 2016-10-13T00:00:00 |