Security Advisory

CVE-2017-14263

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-09-11 09:00:00

Last updated 2024-08-05 19:20:41

Assigner mitre

State PUBLISHED

Description

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device.

← Browse all CVEs View on cve.org ↗