CVE-2024-5631

Description

Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting users login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream.  The credentials are being sent when a user decides to change his password in routers portal.