CVE-2020-10181

goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sumavision:enhanced_multimedia_router_firmware:3.0.4.27:*:*:*:*:*:*:*
cpe:2.3:h:sumavision:enhanced_multimedia_router:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:54

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-Cross-Site-Request-Forgery.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-Cross-Site-Request-Forgery.html - Exploit, Third Party Advisory, VDB Entry
References () https://github.com/s1kr10s/Sumavision_EMR3.0 - Exploit, Third Party Advisory () https://github.com/s1kr10s/Sumavision_EMR3.0 - Exploit, Third Party Advisory
References () https://www.youtube.com/watch?v=Ufcj4D9eA5o - Exploit, Third Party Advisory () https://www.youtube.com/watch?v=Ufcj4D9eA5o - Exploit, Third Party Advisory

Information

Published : 2020-03-11 16:15

Updated : 2024-11-21 04:54


NVD link : CVE-2020-10181

Mitre link : CVE-2020-10181

CVE.ORG link : CVE-2020-10181


JSON object : View

Products Affected

sumavision

  • enhanced_multimedia_router
  • enhanced_multimedia_router_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)