vendor:
EDSR series
by:
Andrea Fabrizi
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: EDSR series
Affected Version From: 1.4
Affected Version To: 1.4 and older
Patch Exists: NO
Related CWE: N/A
CPE: a:everfocus:edsr_series
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Everfocus EDSR series Authentication Bypass
The EDSR firmware does not handle user authentication and sessions correctly, allowing an attacker to connect to a remote DVR without a username and password and view the live cams.
Mitigation:
The vendor has been informed of the vulnerability, but there is no solution at this time.