Vulnerabilities > Castel > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-04 CVE-2020-11681 Insufficiently Protected Credentials vulnerability in Castel Nextgen DVR Firmware 1.0.0
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext.
network
low complexity
castel CWE-522
8.1
8.1
2020-06-04 CVE-2020-11679 Missing Authorization vulnerability in Castel Nextgen DVR Firmware 1.0.0
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality.
network
low complexity
castel CWE-862
8.8
8.8