Improper Access Control in C-MOR Video Surveillance by za-internet
CVE-2024-45170

Currently unrated

Key Information:

Vendor: za-internet
Status: C-MOR Video Surveillance
Vendor: CVE Published:; 4 September 2024

🔔 Create za-internet Vulnerability Alert

What is CVE-2024-45170?

A vulnerability has been identified in C-MOR Video Surveillance version 5.2401, where improper access control allows low privileged users to exploit administrative functions via the web interface. The restriction of access to certain functionalities is only enforced on the user interface level, not on the server side. This oversight permits unauthorized users to send specific HTTP requests to the C-MOR web server, granting them access to sensitive actions such as downloading backup files and altering configuration settings.

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Adv...

https://www-syss-de.translate.goog/pentest-blog/mehrere-s...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2024