Castel Nextgen Dvr Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Castel Nextgen Dvr Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-11679 — CVSS 8.8 (high): Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality…
CVE-2020-11681 — CVSS 8.1 (high): Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit…
CVE-2020-11680 — CVSS 6.5 (medium): Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a…
CVE-2020-11682 — CVSS 6.5 (medium): Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface…