Home / exploitsPDF  

Arteco Web Client DVR/NVR Session Hijacking

Posted on 24 December 2020

The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.

 

TOP