Submit #467085: Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) , NVR5-8200PX 1.2.6.0R0.B180303h.1.D00.U2(4A21S), 1.2.6.0R0.B180303h.1.D00.U2(4A21T), 1.2.6.0R0.B180303h.1.N0K.U2(8A218), 1.2.6.0R0.B180303h.1 Information Disclosinfo

TitleProvision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) , NVR5-8200PX 1.2.6.0R0.B180303h.1.D00.U2(4A21S), 1.2.6.0R0.B180303h.1.D00.U2(4A21T), 1.2.6.0R0.B180303h.1.N0K.U2(8A218), 1.2.6.0R0.B180303h.1 Information Disclos
DescriptionA security vulnerability has been identified in multiple Provision-ISR DVR devices including SH-4050A-2, SH-4100A-2L(MM) and SH-8100A-2L(MM). This vulnerability allows unauthorized disclosure of sensitive device information due to insufficient access controls on the device's web server. An attacker could exploit this vulnerability to engage in further unauthorized activities, affecting over 182,000 devices on the Internet.
Source⚠️ https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-Provision-ISR-DVR-1626b683e67c803881befbc730a93bf6?pvs=4
User
 netsecfish (UID 64568)
Submission12/20/2024 13:05 (1 Year ago)
Moderation01/04/2025 09:57 (15 days later)
StatusAccepted
VulDB entry290203 [Provision-ISR SH-4050A-2 up to 20241220 /server.js information disclosure]
Points16

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!