CVE-2020-7222

Published: Jan 18, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them).

Affected (1)

Products: Amcrest: Web Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Amcrest Web Server	Version 2.520.ac00.18.r

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.