Nextgen Dvr Firmware
Monthly
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.