Vulnerabilities (CVE)

Filtered by vendor Castel Subscribe

Filtered by product Nextgen Dvr

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-11679	1 Castel	2 Nextgen Dvr, Nextgen Dvr Firmware	2021-07-21	6.5 MEDIUM	8.8 HIGH
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.
CVE-2020-11681	1 Castel	2 Nextgen Dvr, Nextgen Dvr Firmware	2020-06-10	4.0 MEDIUM	8.1 HIGH
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.