An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them).
References
Link | Resource |
---|---|
https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-17T23:40:39
Updated: 2020-01-17T23:40:39
Reserved: 2020-01-17T00:00:00
Link: CVE-2020-7222
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-18T00:15:12.357
Modified: 2020-01-29T16:23:01.200
Link: CVE-2020-7222
JSON object: View
Redhat Information
No data.
CWE