CVE-2020-7222
MEDIUM
Amcrest Web Server 2.520.AC00.18.R - Unauthenticated Authentication Bypass via Result Parameter Manipulation
Title source: llm
Description
An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them).
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html
Scores
CVSS v3: 5.3
EPSS: 0.0129
EPSS Percentile: 66.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-287
Status: published
Products (1)
amcrest/web_server 2.520.ac00.18.r
Published: Jan 18, 2020
Tracked Since: Feb 18, 2026