CVE-2017-14263

Published: 11/09/2017 Updated: 03/10/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Honeywell NVR devices allow remote malicious users to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can log in to the device with that new user account to fully control the device.

Vulnerable Products

honeywell enterprise_dvr_firmware -

honeywell maxpro_nvr_hybrid_se_firmware -

honeywell maxpro_nvr_hybrid_xe_firmware -

honeywell maxpro_nvr_se_firmware -

honeywell maxpro_nvr_xe_firmware -

honeywell fusion_iv_rev_c_firmware -

honeywell maxpro_nvr_pe_firmware -

GitHub Repositories

Honeywell_NVR_vul (CVE-2017-14263), by xfuturesec Co, Ltd

First, obtain the SessionID for a guest user. We can find the SessionID in any HTTP request, such as:

POST 1921681104/RPC2 HTTP/1.1
Accept: text/javascript, text/html, application/xml, text/xml
X-Requested-With: XMLHttpRequest
X-Request: JSON
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Referer: