CVE-2020-7222

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them).

Published: Jan 18, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-7222
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
amcrest / web_server	2.520.ac00.18.r	2.520.ac00.18.r.x

https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html

Vulnerability Database

289,697

CVE-2020-7222