CVE-2022-41436 An issue in TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via the URL http://device_ip/index1.html.
This might allow an attacker to change settings, such as changing a password, or change the administrator. Another issue with OXHOO TP50 OXH1.50 allows unauthenticated attackers to view the list of available cameras via browsing to the URL http://device_ip/admin/list.html. An attacker might be able to view other users’ cameras via this option. An attacker can also access the list of available cameras by browsing to the URL http://device_ip/admin/list_cameras.html. An attacker might be able to view other users’ cameras via this option. This might allow an attacker to access other users’ cameras and steal data from them. Another issue with OXHOO TP50 OXH1.50 allows unauthenticated attackers to view information about the camera, such as the model, the serial number, and so on, via browsing to the URL http://device_ip/admin/information.html. An attacker might be able to view other users’ cameras via this option. This might allow an attacker to access other users’ cameras and steal data from them. An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to view information about the camera, such as the model, the serial number, and so on, via browsing to the URL http://device_ip/admin/information.html. An attacker might be able to view
Authentication, Authorization and Access Control (A3)
This vulnerability might allow an attacker to change settings, such as changing a password, or change the administrator. Another issue with OXHOO TP50 OXH1.50 allows unauthenticated attackers to view the list of available cameras via browsing to the URL http://device_ip/admin/list.html. An attacker might be able to view other users’ cameras via this option. An attacker can also access the list of available cameras by browsing to the URL http://device_ip/admin/list_cameras.html. An attacker might be able to view other users’ cameras via this option. This might allow an attacker to access other users’ cameras and steal data from them. Another issue with OXHOO TP50 OXH1.50 allows unauthenticated attackers to view information about the camera, such as the model, the serial number, and so on, via browsing to the URL http://device_ip/admin/information.html. An attacker might be able to view other users’ cameras via this option. This might allow an attacker to access other users’ cameras and steal data from them.
Timeline
Published on: 10/14/2022 21:15:00 UTC
Last modified on: 10/18/2022 18:59:00 UTC