VYPR
High severity8.1NVD Advisory· Published Sep 11, 2017· Updated Jun 17, 2026

CVE-2017-14263

CVE-2017-14263

Description

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.