CVE-2024-45175 Information

Description

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information for example login credentials of cameras is stored in cleartext. Thus an attacker with filesystem access for example exploiting a path traversal attack has access to the login data of all configured cameras or the configured FTP server.

Reference

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-028.txt https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030