Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Maxpro_nvr_hybrid_xe_firmware
(Honeywell)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-09-11 | CVE-2017-14263 | Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. | Enterprise_dvr_firmware, Fusion_iv_rev_c_firmware, Maxpro_nvr_hybrid_se_firmware, Maxpro_nvr_hybrid_xe_firmware, Maxpro_nvr_pe_firmware, Maxpro_nvr_se_firmware, Maxpro_nvr_xe_firmware | 8.1 |