CVE-2020-36925 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authenticati…
High CVSS: 8.7

CVE-2020-36925

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.
Vendor
-
Product
-
CWE
CWE-331
Yayın Tarihi
2026-01-06 16:15:50
Güncelleme
2026-01-08 18:09:23
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-331 HIGH 2026

Referanslar

https://cxsecurity.com/issue/WLB-2020120170 https://exchange.xforce.ibmcloud.com/vulnerabilities/193750 https://exchange.xforce.ibmcloud.com/vulnerabilities/194139 https://packetstorm.news/files/id/160718 https://www.arteco-global.com https://www.exploit-db.com/exploits/49348 https://www.vulncheck.com/advisories/arteco-web-client-dvrnvr-session-id-brute-force-authentication-bypass https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5613.php