This might allow an attacker to change settings, such as changing a password, or change the administrator. Another issue with OXHOO TP50 OXH1.50 allows unauthenticated attackers to view the list of available cameras via browsing to the URL http://device_ip/admin/list.html. An attacker might be able to view other users’ cameras via this option. An attacker can also access the list of available cameras by browsing to the URL http://device_ip/admin/list_cameras.html. An attacker might be able to view other users’ cameras via this option. This might allow an attacker to access other users’ cameras and steal data from them. Another issue with OXHOO TP50 OXH1.50 allows unauthenticated attackers to view information about the camera, such as the model, the serial number, and so on, via browsing to the URL http://device_ip/admin/information.html. An attacker might be able to view other users’ cameras via this option. This might allow an attacker to access other users’ cameras and steal data from them. An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to view information about the camera, such as the model, the serial number, and so on, via browsing to the URL http://device_ip/admin/information.html. An attacker might be able to view

Authentication, Authorization and Access Control (A3)

This vulnerability might allow an attacker to change settings, such as changing a password, or change the administrator. Another issue with OXHOO TP50 OXH1.50 allows unauthenticated attackers to view the list of available cameras via browsing to the URL http://device_ip/admin/list.html. An attacker might be able to view other users’ cameras via this option. An attacker can also access the list of available cameras by browsing to the URL http://device_ip/admin/list_cameras.html. An attacker might be able to view other users’ cameras via this option. This might allow an attacker to access other users’ cameras and steal data from them. Another issue with OXHOO TP50 OXH1.50 allows unauthenticated attackers to view information about the camera, such as the model, the serial number, and so on, via browsing to the URL http://device_ip/admin/information.html. An attacker might be able to view other users’ cameras via this option. This might allow an attacker to access other users’ cameras and steal data from them.

Timeline

Published on: 10/14/2022 21:15:00 UTC
Last modified on: 10/18/2022 18:59:00 UTC

References