Critical severity9.8NVD Advisory· Published May 9, 2018· Updated Jun 17, 2026
CVE-2018-10770
CVE-2018-10770
Description
download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password.
Affected products
1Patches
Vulnerability mechanics
References
2- github.com/D0neMkj/EXP_IOT/tree/master/CAMERA/XVR_cameranvdExploitThird Party Advisory
- github.com/D0neMkj/EXP_IOT/blob/master/CAMERA/XVR_camera/readmenvdThird Party Advisory
News mentions
0No linked articles in our index yet.