Submit #467085: Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) , NVR5-8200PX 1.2.6.0R0.B180303h.1.D00.U2(4A21S), 1.2.6.0R0.B180303h.1.D00.U2(4A21T), 1.2.6.0R0.B180303h.1.N0K.U2(8A218), 1.2.6.0R0.B180303h.1 Information Disclosinfo

TitleProvision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) , NVR5-8200PX 1.2.6.0R0.B180303h.1.D00.U2(4A21S), 1.2.6.0R0.B180303h.1.D00.U2(4A21T), 1.2.6.0R0.B180303h.1.N0K.U2(8A218), 1.2.6.0R0.B180303h.1 Information Disclos
DescriptionA security vulnerability has been identified in multiple Provision-ISR DVR devices including SH-4050A-2, SH-4100A-2L(MM) and SH-8100A-2L(MM). This vulnerability allows unauthorized disclosure of sensitive device information due to insufficient access controls on the device's web server. An attacker could exploit this vulnerability to engage in further unauthorized activities, affecting over 182,000 devices on the Internet.
Source⚠️ https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-Provision-ISR-DVR-1626b683e67c803881befbc730a93bf6?pvs=4
User
 netsecfish (UID 64568)
Submission12/20/2024 01:05 PM (6 months ago)
Moderation01/04/2025 09:57 AM (15 days later)
StatusAccepted
VulDB Entry290203 [Provision-ISR SH-4050A-2 up to 20241220 /server.js information disclosure]
Points16

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!