216.73.217.64

CVE-2024-5631

· Published 09/07/2024 11:15 · Modified 09/07/2024 21:15

Labels: CVE-2024-5631 2024-07-09CVE-2024-5631CWE-319[email protected]

Essential information

Published
09/07/2024 11:15
Modified
09/07/2024 21:15
Author
Creator
CISA KEV
No
CWE

Description

Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream.  The credentials are being sent when a user decides to change his password in router's portal.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References