| Título | VIVOTEK NVR Core + 4.2.0.101 and below Cleartext Storage of Sensitive Information in GUI |
|---|
| Descrição | The Vivotek NVR (Network Video Recorder) is a digital video recording device used in IP security camera systems. Unfortunately, the devices presented below have an information disclosure vulnerability, where an authenticated user can alter the page's source code to read stored credentials by changing the text type from "password" to "text".
It is possible to identify that this is a vulnerability and not a feature due to the fact that the system does not present any type of option to display credentials hidden by bullet points.
Confirmed Vulnerable Products and Versions:
VIVOTEK NVR ND9541P - Version x.x.x.x - Device Pack v5.9.480
VIVOTEK NVR ND9525P - Version x.x.x.x - Device Pack v5.9.480
VIVOTEK NVR ND8422P - Version x.x.x.x - Device pack v5.9.494 and v5.9.460
Confirmed Patched Version:
Not Known Yet. |
|---|
| Fonte | ⚠️ https://github.com/lfparizzi/CVE-VIVOTEK-ID/blob/main/README.md |
|---|
| Utilizador | Syrtain (UID 83345) |
|---|
| Submissão | 26/03/2025 23h54 (há 1 Ano) |
|---|
| Moderação | 07/04/2025 12h22 (11 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 303648 [Vivotek NVR ND8422P/NVR ND9525P/NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101 HTML Form Divulgação de Informação] |
|---|
| Pontos | 20 |
|---|