VYPR
Unrated severity · NVD Advisory · Published Jun 4, 2020 · Updated Aug 4, 2024

CVE-2020-11680

Description

Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Castel NextGen DVR v1.0.0 fails to enforce authorization on admin functions, allowing any authenticated user to perform privileged actions.

Vulnerability

Castel NextGen DVR version 1.0.0 contains an authorization bypass vulnerability affecting all administrator functionality. The application does not verify that a request originates from an administrative user. As a result, any authenticated user, regardless of their assigned role, can access and execute privileged operations such as creating or modifying file stores, alerts, and users [1][2].

Exploitation

An attacker with a valid low-privileged account can directly call the administrative endpoints without proper authorization checks. The attack does not require any additional privileges or user interaction beyond authenticating to the application. By sending crafted HTTP requests (GET, POST, PUT) to the relevant administration URLs, the attacker can perform actions reserved for administrators [1].

Impact

Successful exploitation allows an attacker to gain full administrative control over the Castel NextGen DVR system. This includes the ability to create or modify users (including elevating their own account to admin), alter alerts, and change file store configurations. The impact is complete compromise of confidentiality, integrity, and availability of the DVR system [1][2].

Mitigation

As of the publication date (June 4, 2020), no fixed version was available for Castel NextGen DVR v1.0.0. Operators should restrict network access to the administrative interface to trusted users only and monitor for unauthorized access attempts. Continuing to use this software without a patch carries significant risk [1].
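The defect class described under "Vulnerability" (admin handlers reachable by any authenticated session because the role is never checked) and the monitoring advice under "Mitigation" are illustrated below in an added example. This is hypothetical code written for this page, not Castel NextGen DVR code, and it assumes nothing about that product's internals: the `Session`/`Dvr` types, the `/admin/` path prefix and the log format are all constructed for the illustration. It shows a handler with no server-side role check beside the same handler guarded by a `require_role` decorator, and a small audit that flags non-admin principals who successfully reached admin paths in a constructed access log.

```python
"""Missing server-side authorization check, its fix, and a log audit.

Added example for this page (not Castel NextGen DVR code). All names,
paths and log lines here are constructed assumptions.
"""
from dataclasses import dataclass, field
from functools import wraps


@dataclass
class Session:
    user: str
    role: str  # "admin" or "user" (assumed role model)


@dataclass
class Dvr:
    # Hypothetical in-memory state standing in for the DVR's user table.
    users: dict = field(default_factory=lambda: {"admin": "admin", "alice": "user"})


class Forbidden(Exception):
    """Raised when a session lacks the role a handler requires."""


def require_role(role):
    """Decorator that enforces the role on the server, next to the handler.

    Hiding admin menus in the UI is not enough; the check must run for every
    request that reaches the handler, whatever client sent it.
    """
    def deco(handler):
        @wraps(handler)
        def guarded(dvr, session, *args, **kwargs):
            if session.role != role:
                raise Forbidden(f"{session.user} ({session.role}) is not {role}")
            return handler(dvr, session, *args, **kwargs)
        return guarded
    return deco


# Vulnerable shape: authenticated, but never checks that the caller is admin.
def set_role_vulnerable(dvr, session, name, role):
    dvr.users[name] = role
    return dvr.users[name]


# Hardened shape: identical logic, role enforced before the handler body runs.
@require_role("admin")
def set_role_fixed(dvr, session, name, role):
    dvr.users[name] = role
    return dvr.users[name]


def demo():
    """Return (escalated_via_vulnerable, blocked_by_fix, role_after_fix)."""
    low = Session("alice", "user")

    dvr = Dvr()
    set_role_vulnerable(dvr, low, "alice", "admin")  # low-privileged caller succeeds
    escalated = dvr.users["alice"] == "admin"

    dvr2 = Dvr()
    try:
        set_role_fixed(dvr2, low, "alice", "admin")
        blocked = False
    except Forbidden:
        blocked = True
    return escalated, blocked, dvr2.users["alice"]


# Constructed sample access log (not real DVR output): user role method path status
SAMPLE_LOG = """\
admin admin POST /admin/users 200
alice user GET /live/view 200
alice user POST /admin/users 200
bob user PUT /admin/filestore 200
carol user GET /admin/alerts 403
"""


def audit_admin_access(log_text, admin_prefix="/admin/"):
    """Flag non-admin principals whose requests to admin paths succeeded (2xx).

    A 403 is the expected outcome and is not reported; a 2xx from a non-admin
    role on an admin path is exactly the symptom of this authorization bypass.
    """
    hits = []
    for line in log_text.splitlines():
        user, role, method, path, status = line.split()
        if path.startswith(admin_prefix) and role != "admin" and status.startswith("2"):
            hits.append((user, method, path))
    return hits


if __name__ == "__main__":
    print("demo:", demo())
    print("suspicious admin access:", audit_admin_access(SAMPLE_LOG))
```

The audit is deliberately simple: it assumes the log already records the caller's role. Where only the user name is logged, the same check can be done by joining against the user table, and the result is worth alerting on even when the application later gets patched, since a successful non-admin request to an admin path should never occur.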

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0 (no linked articles in our index yet)