Vulnerabilities > Honeywell > Maxpro NVR PE Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-11 | CVE-2017-14263 | Session Fixation vulnerability in Honeywell products Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. | 8.1 |