Vulnerability-Lookup

CVE-2020-11680 (GCVE-0-2020-11680)

Vulnerability from cvelistv5 – Published: 2020-06-04 18:38 – Updated: 2024-08-04 11:35

Summary

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

Assigner

mitre

References

3 references

URL	Tags
https://www.securitymetrics.com/blog/attackers-kn…	x_refsource_MISC
http://seclists.org/fulldisclosure/2020/Jun/8	mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/157954/Caste…	x_refsource_MISC

Date Public

2020-06-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
          },
          {
            "name": "20200605 Castel NextGen DVR multiple CVEs",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Jun/8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-05T19:06:04.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
        },
        {
          "name": "20200605 Castel NextGen DVR multiple CVEs",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Jun/8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11680",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass",
              "refsource": "MISC",
              "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
            },
            {
              "name": "20200605 Castel NextGen DVR multiple CVEs",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Jun/8"
            },
            {
              "name": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11680",
    "datePublished": "2020-06-04T18:38:21.000Z",
    "dateReserved": "2020-04-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:35:13.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-11680",
      "date": "2026-06-25",
      "epss": "0.01166",
      "percentile": "0.63331"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:castel:nextgen_dvr_firmware:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8F4BE34-AC2F-4FE9-BDDE-C9E88FA59A0A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:castel:nextgen_dvr:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3513CE5-CB6F-43C0-B37A-D135C027310B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.\"}, {\"lang\": \"es\", \"value\": \"Castel NextGen DVR versi\\u00f3n v1.0.0, es vulnerable a una omisi\\u00f3n de autorizaci\\u00f3n en todas las funcionalidades del administrador. La aplicaci\\u00f3n presenta un fallo al comprobar que un administrador haya enviado una petici\\u00f3n. En consecuencia, un usuario normal puede llevar a cabo acciones que incluyen, entre otras, crear y modificar el almac\\u00e9n de archivos, crear y modificar alertas, crear y modificar usuarios, etc\"}]",
      "id": "CVE-2020-11680",
      "lastModified": "2024-11-21T04:58:23.167",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-04T19:15:12.773",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Jun/8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Jun/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-11680\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-04T19:15:12.773\",\"lastModified\":\"2024-11-21T04:58:23.167\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.\"},{\"lang\":\"es\",\"value\":\"Castel NextGen DVR versi\u00f3n v1.0.0, es vulnerable a una omisi\u00f3n de autorizaci\u00f3n en todas las funcionalidades del administrador. La aplicaci\u00f3n presenta un fallo al comprobar que un administrador haya enviado una petici\u00f3n. En consecuencia, un usuario normal puede llevar a cabo acciones que incluyen, entre otras, crear y modificar el almac\u00e9n de archivos, crear y modificar alertas, crear y modificar usuarios, etc\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:castel:nextgen_dvr_firmware:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8F4BE34-AC2F-4FE9-BDDE-C9E88FA59A0A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:castel:nextgen_dvr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3513CE5-CB6F-43C0-B37A-D135C027310B\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Jun/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Jun/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2021-24899

Vulnerability from cnvd - Published: 2021-04-04

Title

Castel NextGen DVR安全绕过漏洞

Description

Castel NextGen DVR是一款网络视频设备。 Castel NextGen DVR存在安全漏洞。该漏洞源于程序未能检查请求是否来自管理员。攻击者可利用该漏洞创建/修改文件库，创建/修改用户等。

Severity

中

Patch Name

Castel NextGen DVR安全绕过漏洞的补丁

Patch Description

Castel NextGen DVR是一款网络视频设备。 Castel NextGen DVR存在安全漏洞。该漏洞源于程序未能检查请求是否来自管理员。攻击者可利用该漏洞创建/修改文件库，创建/修改用户等。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.castel.com/

Reference

https://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html

Impacted products

Name
Castel NextGen DVR 1.0.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11680"
    }
  },
  "description": "Castel NextGen DVR\u662f\u4e00\u6b3e\u7f51\u7edc\u89c6\u9891\u8bbe\u5907\u3002\n\nCastel NextGen DVR\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u68c0\u67e5\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u7ba1\u7406\u5458\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u521b\u5efa/\u4fee\u6539\u6587\u4ef6\u5e93\uff0c\u521b\u5efa/\u4fee\u6539\u7528\u6237\u7b49\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.castel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-24899",
  "openTime": "2021-04-04",
  "patchDescription": "Castel NextGen DVR\u662f\u4e00\u6b3e\u7f51\u7edc\u89c6\u9891\u8bbe\u5907\u3002\r\n\r\nCastel NextGen DVR\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u68c0\u67e5\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u7ba1\u7406\u5458\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u521b\u5efa/\u4fee\u6539\u6587\u4ef6\u5e93\uff0c\u521b\u5efa/\u4fee\u6539\u7528\u6237\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Castel NextGen DVR\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Castel NextGen DVR 1.0.0"
  },
  "referenceLink": "https://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-05",
  "title": "Castel NextGen DVR\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2020-11680

Vulnerability from fkie_nvd - Published: 2020-06-04 19:15 - Updated: 2026-06-17 02:50

Severity

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html	Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Jun/8	Mailing List, Third Party Advisory
cve@mitre.org	https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Jun/8	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass	Third Party Advisory

Impacted products

	Vendor	Product	Version
	castel	nextgen_dvr_firmware	1.0.0
	castel	nextgen_dvr	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:castel:nextgen_dvr_firmware:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8F4BE34-AC2F-4FE9-BDDE-C9E88FA59A0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:castel:nextgen_dvr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3513CE5-CB6F-43C0-B37A-D135C027310B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc."
    },
    {
      "lang": "es",
      "value": "Castel NextGen DVR versi\u00f3n v1.0.0, es vulnerable a una omisi\u00f3n de autorizaci\u00f3n en todas las funcionalidades del administrador. La aplicaci\u00f3n presenta un fallo al comprobar que un administrador haya enviado una petici\u00f3n. En consecuencia, un usuario normal puede llevar a cabo acciones que incluyen, entre otras, crear y modificar el almac\u00e9n de archivos, crear y modificar alertas, crear y modificar usuarios, etc"
    }
  ],
  "id": "CVE-2020-11680",
  "lastModified": "2026-06-17T02:50:36.267",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-04T19:15:12.773",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jun/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jun/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-H68G-FQF5-WF74

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-05-24 17:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-11680"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-04T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.",
  "id": "GHSA-h68g-fqf5-wf74",
  "modified": "2022-05-24T17:19:16Z",
  "published": "2022-05-24T17:19:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11680"
    },
    {
      "type": "WEB",
      "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Jun/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-11680

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-11680

Aliases

CVE-2020-11680

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-11680",
    "description": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.",
    "id": "GSD-2020-11680",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2020-11680"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-11680"
      ],
      "details": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.",
      "id": "GSD-2020-11680",
      "modified": "2023-12-13T01:22:05.618981Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-11680",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass",
            "refsource": "MISC",
            "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
          },
          {
            "name": "20200605 Castel NextGen DVR multiple CVEs",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Jun/8"
          },
          {
            "name": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:castel:nextgen_dvr_firmware:1.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:castel:nextgen_dvr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11680"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
            },
            {
              "name": "20200605 Castel NextGen DVR multiple CVEs",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Jun/8"
            },
            {
              "name": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-06-04T19:15Z"
    }
  }
}

VAR-202006-0043

Vulnerability from variot - Updated: 2023-12-18 12:27

Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc. Attackers can use this vulnerability to create/modify file libraries, create/modify users, etc. All issues are associated with Castel NextGen DVR v1.0.0 and have been resolved in v1.0.1.

CVE-2020-11679 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11679

Original Disclosure https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass

Description A low privileged user can call functionality reserved for an Administrator which promotes a low privileged account to the Administrator role:

POST /Administration/Users/Edit/:ID HTTP/1.1

Host: $RHOST User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: $REVIEWER_COOKIES DNT: 1 Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 349

UserId=:ID&Email=bypass%40test.com &FirstName=bypass&LastName=bypass&LDAPUser=false

&Roles%5B0%5D.RoleId=1&Roles%5B0%5D.IsSelected=true&Roles%5B0%5D.IsSelected=false

&Roles%5B1%5D.RoleId=3&Roles%5B1%5D.IsSelected=true&Roles%5B1%5D.IsSelected=false

&Roles%5B2%5D.RoleId=5&Roles%5B2%5D.IsSelected=true&Roles%5B2%5D.IsSelected=false &Locked=false

CVE-2020-11680 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11680

Original Disclosure https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass

Description The application does not perform an authorization check before functionality is performed. Low privileged users are prevented from browsing to pages that perform Administrator functionality using GET, however, functionality can be performed by directly crafting the associated POST request. This can be exploited to modify user accounts, modify the application, etc. Combined with the reported CSRF, CVE-2020-11682, any user of the application can be used to grant Administrator access to a malicious user.

CVE-2020-11681 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11681

Original Disclosure https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass

Description Credentials are returned in cleartext in the source of the SMTP page. If a malicious user compromises an account. or exploits the CSRF to gain access to the application, the associated SMTP server/account could also be compromised.

CVE-2020-11682 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11682

Original Disclosure https://www.securitymetrics.com/blog/where-did-request-come-from-cross-site-request-forgery-csrf

Description The application does not properly prevent CSRF; the __RequestVerificationToken, which is included with state changing requests, is not verified by the application - requests are successful even when the token is removed.

AARON BISHOP | Principal Penetration Tester CISSP, OSCP, OSWE [image: SecurityMetrics]

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0043",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nextgen dvr",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "castel",
        "version": "1.0.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11680"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:castel:nextgen_dvr_firmware:1.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:castel:nextgen_dvr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-11680"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aaron Bishop",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157954"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-11680",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006191",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2021-24899",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006191",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-11680",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006191",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-24899",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-502",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11680"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc. Attackers can use this vulnerability to create/modify file libraries, create/modify users, etc. All issues are associated with *Castel NextGen DVR v1.0.0 *and have been\nresolved in v1.0.1*.*\n\n-------------------------------\n*CVE-2020-11679\n\u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11679\u003e*\n\n\n*Original Disclosure*\nhttps://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass\n\n*Description*\nA low privileged user can call functionality reserved for an Administrator\nwhich promotes a low privileged account to the Administrator role:\n\nPOST /Administration/Users/Edit/:ID HTTP/1.1\n\u003e Host: $RHOST\n\u003e User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\u003e Firefox/52.0\n\u003e Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\n\u003e Accept-Language: en-US,en;q=0.5\n\u003e Accept-Encoding: gzip, deflate\n\u003e Cookie: $REVIEWER_COOKIES\n\u003e DNT: 1\n\u003e Connection: close\n\u003e Upgrade-Insecure-Requests: 1\n\u003e Content-Type: application/x-www-form-urlencoded\n\u003e Content-Length: 349\n\n\n\u003e UserId=:ID\u0026Email=bypass%40test.com\n\u003e \u0026FirstName=bypass\u0026LastName=bypass\u0026LDAPUser=false\n\u003e\n\u003e \u0026Roles%5B0%5D.RoleId=1\u0026Roles%5B0%5D.IsSelected=true\u0026Roles%5B0%5D.IsSelected=false\n\u003e\n\u003e \u0026Roles%5B1%5D.RoleId=3\u0026Roles%5B1%5D.IsSelected=true\u0026Roles%5B1%5D.IsSelected=false\n\u003e\n\u003e \u0026Roles%5B2%5D.RoleId=5\u0026Roles%5B2%5D.IsSelected=true\u0026Roles%5B2%5D.IsSelected=false\n\u003e \u0026Locked=false\n\n-------------------------------\n*CVE-2020-11680\n\u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11680\u003e*\n\n*Original Disclosure*\nhttps://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass\n\n*Description*\nThe application does not perform an authorization check before\nfunctionality is performed.  Low privileged users are prevented from\nbrowsing to pages that perform Administrator functionality using GET,\nhowever, functionality can be performed by directly crafting the associated\nPOST request.   This can be exploited to modify user accounts, modify the\napplication, etc.  Combined with the reported CSRF, CVE-2020-11682, any\nuser of the application can be used to grant Administrator access to a\nmalicious user. \n-------------------------------\n*CVE-2020-11681\n\u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11681\u003e*\n\n*Original Disclosure*\nhttps://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass\n\n*Description*\nCredentials are returned in cleartext in the source of the SMTP page.  If a\nmalicious user compromises an account. or exploits the CSRF to gain access\nto the application,  the associated SMTP server/account could also be\ncompromised. \n-------------------------------\n*CVE-2020-11682\n\u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11682\u003e*\n\n*Original Disclosure*\nhttps://www.securitymetrics.com/blog/where-did-request-come-from-cross-site-request-forgery-csrf\n\n*Description*\nThe application does not properly prevent CSRF; the\n__RequestVerificationToken, which is included with state changing requests,\nis not verified by the application - requests are successful even when the\ntoken is removed. \n\nAARON BISHOP | Principal Penetration Tester CISSP, OSCP, OSWE [image:\nSecurityMetrics]\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-11680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      },
      {
        "db": "PACKETSTORM",
        "id": "157954"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "PACKETSTORM",
        "id": "157954",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11680",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-502",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "db": "PACKETSTORM",
        "id": "157954"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11680"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ]
  },
  "id": "VAR-202006-0043",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      }
    ],
    "trust": 1.2666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:27:28.673000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Digital Video Recorder (DVR)",
        "trust": 0.8,
        "url": "http://castle-cctv.kr/digital-video-recorder-dvr/"
      },
      {
        "title": "Patch for Castel NextGen DVR security bypass vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/255926"
      },
      {
        "title": "Castel NextGen DVR Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120744"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-862",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-863",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11680"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://packetstormsecurity.com/files/157954/castel-nextgen-dvr-1.0.0-bypass-csrf-disclosure.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2020/jun/8"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11680"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11680"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11679\u003e*"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11681\u003e*"
      },
      {
        "trust": 0.1,
        "url": "https://www.securitymetrics.com/blog/where-did-request-come-from-cross-site-request-forgery-csrf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11681"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11680\u003e*"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11679"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11682"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11682\u003e*"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "db": "PACKETSTORM",
        "id": "157954"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11680"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "db": "PACKETSTORM",
        "id": "157954"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11680"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      },
      {
        "date": "2020-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "date": "2020-06-05T18:19:24",
        "db": "PACKETSTORM",
        "id": "157954"
      },
      {
        "date": "2020-06-04T19:15:12.773000",
        "db": "NVD",
        "id": "CVE-2020-11680"
      },
      {
        "date": "2020-06-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-24899"
      },
      {
        "date": "2020-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2020-11680"
      },
      {
        "date": "2021-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Castel NextGen DVR Unauthorized authentication vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006191"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-502"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-11680 (GCVE-0-2020-11680)

CNVD-2021-24899

FKIE_CVE-2020-11680

GHSA-H68G-FQF5-WF74

GSD-2020-11680

VAR-202006-0043

Tags

Sightings

Nomenclature