Unauthenticated Configuration Download Vulnerability in ShenZhen Anni 5 in 1 XVR Devices
CVE-2018-10770 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password.
Learn more about our Web Application Penetration Testing UK.