CVE-2024-45175

HIGH

za-internet C-MOR Video Surveillance 5.2401 - Info Disclosure

Title source: llm

Description

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server.

References (3)

[Exploit, Vendor Advisory] https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-028.txt

[Vendor Advisory] https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Sep/21

Scores

CVSS v3 8.8

EPSS 0.0066

EPSS Percentile 71.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22 CWE-312

Status published

Products (2)

c-mor/c-mor_video_surveillance 5.2401

c-mor/c-mor_video_surveillance 6.00 patch_level_01

Published Sep 05, 2024

Tracked Since Feb 18, 2026