CVE-2020-7222 - An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login

CVE-2020-7222

Summary

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them).

References

https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html

Vulnerable Configurations

CVSS

Base:	5.0
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

18-01-2020 - 00:15

Published

18-01-2020 - 00:15

Last modified

18-01-2020 - 23:08