68 matches found
CVE-2023-27055
Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request...
Design/Logic Flaw
Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request...
PT-2023-20919 · Aver Information · Ptzapp2
Name of the Vulnerable Software and Affected Versions: Aver Information Inc PTZApp2 version 20.01044.48 Description: The issue allows attackers to access sensitive files via a crafted GET request. Recommendations: For Aver Information Inc PTZApp2 version 20.01044.48, consider restricting access t...
AVer Information PTZApp 路径遍历漏洞
AVer Information PTZApp is an innovative freeware with an upgrade interface from AVer Information China. It is used to control AVer USB cameras. A security vulnerability exists in AVer Information PTZApp version v20.01044.48. An attacker has exploited the vulnerability to access sensitive files v...
CVE-2023-27055
Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request...
CVE-2023-27055
The CVE-2023-27055 issue affects Aver Information PTZApp2 prior to update 2.0.1051.53. Affected software exposes a directory traversal (path traversal) vulnerability in the web UI running on localhost, permitting an attacker to read sensitive files via a crafted GET request. Root cause is insuffi...
CVE-2023-27055
Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request...
Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets
Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all multipoint video conferencing systems contains multiple advanced features that are not well documented: 1. The web admin server...
Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets Vulnerability
Aver EVC300 firmware version 00.10.16.36 suffers from having multiple hard-coded secrets that can allow for access bypass. Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all...
AVer Information EH6108H+ Authentication Bypass / Inforation Exposure
Vulnerability Note VU667480 AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities https://www.kb.cert.org/vuls/id/667480 Overview: AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including...
CVE-2016-6537
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...
CVE-2016-6537
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...
CVE-2016-6536
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...
CVE-2016-6536
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...
CVE-2016-6535
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session...
Format string
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...
Hardcoded credentials
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session...
Design/Logic Flaw
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...
CVE-2016-6537
The CVE-2016-6537 entry relates to AVer Information EH6108H+ devices (firmware X9.03.24.00.07l and possibly earlier) that store passwords in base64 and expose credentials in HTTP cookies, enabling information exposure. Connected sources corroborate multiple vulnerabilities in the EH6108H+ DVR: ha...
CVE-2016-6536
The CVE-2016-6536 issue affects AVer Information EH6108H+ hybrid DVRs (firmware X9.03.24.00.07l and possibly earlier). The vulnerability enables remote attackers to bypass page-access restrictions or modify passwords by guessing the handle parameter value on the web interface /setup page, potenti...