CVE-2019-6698

CRITICAL

FortiRecorder Firmware < 2.7.4 - Unauthenticated Use of Hard-coded Credentials

Title source: llm

Description

Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://fortiguard.com/advisory/FG-IR-19-185

Scores

CVSS v3 9.8

EPSS 0.0085

EPSS Percentile 75.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

fortinet/fortirecorder_firmware < 2.7.4

Published Aug 23, 2019

Tracked Since Feb 18, 2026