← Back

Castel

castel

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Nextgen Dvr Firmware
nextgen_dvr_firmware
4 CVEs
Nextgen Dvr
nextgen_dvr
0 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-11682
1Castel
1Nextgen Dvr Firmware
Jun 17, 2026
Jun 4, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified...Show more
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request will succeed.Show less
CVE-2020-11681
1Castel
1Nextgen Dvr Firmware
Jun 17, 2026
Jun 4, 2020
N/A· v4
8.1 HIGH· v3
4.0 MEDIUM· v2
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.
CVE-2020-11680
1Castel
1Nextgen Dvr Firmware
Jun 17, 2026
Jun 4, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform...Show more
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.Show less
CVE-2020-11679
1Castel
1Nextgen Dvr Firmware
Jun 17, 2026
Jun 4, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator...Show more
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.Show less