CVE-2018-10770

CVE-2018-10770

EPSS 1.6%

download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/D0neMkj/EXP_IOT/blob/master/CAMERA/XVR_camera/readme https://github.com/D0neMkj/EXP_IOT/tree/master/CAMERA/XVR_camera