Unauthenticated Configuration Download Vulnerability in ShenZhen Anni 5 in 1 XVR Devices

Unauthenticated Configuration Download Vulnerability in ShenZhen Anni 5 in 1 XVR Devices

CVE-2018-10770 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password.

Learn more about our Web Application Penetration Testing UK.