On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: “1” to “0” privileges by changing the following cookie values from “is_admin”, “showConfig”. Administrative Privileges which allows changing various configuration in the camera.
CPE | Name | Operator | Version |
---|---|---|---|
cellinx_nvt_-_ip_ptz_camera_firmware | eq | 3.2.0 | |
cellinx_nvt_-_ip_ptz_camera_firmware | eq | 3.2.1 |