CVE-2020-10513

The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
twcertCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
icatchincdvr_interface
𝑥
< 20200103
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d
https://www.twcert.org.tw/tw/cp-132-3533-10afe-1.html
https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d
https://www.twcert.org.tw/tw/cp-132-3533-10afe-1.html