Vulnerabilities > CVE-2020-11680 - Missing Authorization vulnerability in Castel Nextgen DVR Firmware 1.0.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

castel

CWE-862

NVD

Published: 2020-06-04

Updated: 2021-07-21

Summary

Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.

Vulnerable Configurations

Part	Description	Count
OS	Castel Castel Nextgen DVR Firmware 1.0.0	1
Hardware	Castel Castel Nextgen DVR -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Packetstorm

data source	https://packetstormsecurity.com/files/download/157954/castelnextgendvr100-bypassdisclosexsrf.txt
id	PACKETSTORM:157954
last seen	2020-06-06
published	2020-06-05
reporter	Aaron Bishop
source	https://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html
title	Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References