Product:

Maxpro_nvr_pe_firmware

(Honeywell)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 3
Date Id Summary Products Score Patch Annotated
2020-01-22 CVE-2020-6959 The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be... Hnmswvms_firmware, Hnmswvmslt_firmware, Maxpro_nvr_pe_firmware, Maxpro_nvr_se_firmware, Maxpro_nvr_xe_firmware, Mpnvrswxx_firmware 9.8
2020-01-22 CVE-2020-6960 The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote... Hnmswvms_firmware, Hnmswvmslt_firmware, Maxpro_nvr_pe_firmware, Maxpro_nvr_se_firmware, Maxpro_nvr_xe_firmware, Mpnvrswxx_firmware 9.8
2017-09-11 CVE-2017-14263 Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. Enterprise_dvr_firmware, Fusion_iv_rev_c_firmware, Maxpro_nvr_hybrid_se_firmware, Maxpro_nvr_hybrid_xe_firmware, Maxpro_nvr_pe_firmware, Maxpro_nvr_se_firmware, Maxpro_nvr_xe_firmware 8.1