SB2019091910 - Information disclosure in Honeywell Performance IP Cameras and Performance NVRs
Published: September 19, 2019
Security Bulletin ID
SB2019091910
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2019-13523)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the integrated web server of the affected devices allows to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders). A remote attacker can gain unauthorized access to view device configuration information.
Remediation
Install update from vendor's website.