Vulnerabilities > Honeywell > Fusion IV REV C Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-11 CVE-2017-14263 Session Fixation vulnerability in Honeywell products
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI.
network
high complexity
honeywell CWE-384
8.1