High severity8.8NVD Advisory· Published Jun 4, 2020· Updated Jun 17, 2026
CVE-2020-11679
CVE-2020-11679
Description
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Castel/NextGen DVRdescription
- Range: =1.0.0
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/157954/Castel-NextGen-DVR-1.0.0-Bypass-CSRF-Disclosure.htmlnvdExploitThird Party Advisory
- seclists.org/fulldisclosure/2020/Jun/8nvdExploitMailing ListThird Party Advisory
- www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypassnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.