CVE-2020-10513

EUVD-2020-2966
The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
twcertCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
icatchincdvr_interface
𝑥
< 20200103
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d
https://www.twcert.org.tw/tw/cp-132-3533-10afe-1.html
https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d
https://www.twcert.org.tw/tw/cp-132-3533-10afe-1.html