High severity8.1NVD Advisory· Published Sep 11, 2017· Updated Jun 17, 2026
CVE-2017-14263
CVE-2017-14263
Description
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- cpe:2.3:o:honeywell:enterprise_dvr_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:honeywell:fusion_iv_rev_c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:honeywell:maxpro_nvr_hybrid_se_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:maxpro_nvr_hybrid_xe_firmware:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:honeywell:maxpro_nvr_hybrid_xe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:honeywell:maxpro_nvr_xe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:honeywell:maxpro_nvr_pe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:honeywell:maxpro_nvr_se_firmware:-:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.