Session Hijacking Vulnerability in Arteco Web Client DVR/NVR
CVE-2020-36925

8.7HIGH

Key Information:

Vendor: Arteco-global
Status: Arteco Web Client Dvr/nvr
Vendor: CVE Published:; 6 January 2026

🔔 Create Arteco-global Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-36925?

The Arteco Web Client DVR/NVR is susceptible to a session hijacking vulnerability, which arises from insufficient complexity in session IDs. This flaw permits remote attackers to conduct brute force attacks within a specific numeric range, enabling them to guess valid session IDs. Once compromised, attackers can bypass authentication mechanisms and gain unauthorized access to live camera streams, posing a significant security threat.

Affected Version(s)

Arteco Web Client DVR/NVR Unknown

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-36925 - Proof of Concept