VYPR
Unrated severity · NVD Advisory · Published Jun 4, 2020 · Updated Aug 4, 2024

CVE-2020-11682

Description

Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing requests. A __RequestVerificationToken is set by the web interface and included in the requests it sends. However, this token is not verified by the application: the token can be removed from any request and the request will still succeed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Castel NextGen DVR v1.0.0 is vulnerable to CSRF because the anti-CSRF token is not validated, allowing attackers to trick authenticated users into performing state-changing actions.

Vulnerability

Castel NextGen DVR version 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) in all state-changing requests. The web interface sets a __RequestVerificationToken parameter, but the application does not validate it; requests succeed even if the token is removed or set to an arbitrary value [1]. This affects all endpoints that modify state, such as user creation.

Exploitation

An attacker can craft a malicious web page that, when visited by an authenticated user, automatically sends a forged request to the DVR (e.g., creating a new admin user). No additional user interaction is required beyond visiting the page. The CSRF token is not checked, so the attacker can omit it or provide any value [1].

Impact

An attacker can perform any state-changing action with the privileges of the victim, including creating, modifying, or deleting users and altering device settings. This can lead to full compromise of the DVR’s administrative functions, potentially allowing unauthorized access to video feeds and system configuration.

Mitigation

As of the publication date, no official patch or fixed version has been released. The vendor (Castel) should implement proper server-side validation of the __RequestVerificationToken for all state-changing requests. Until then, administrators should restrict network access to the DVR web interface and ensure users do not browse untrusted sites while authenticated to the device [1].
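The following Python sketch is an added illustration, not code from the vendor or from this advisory. It places a handler that never compares the submitted token against the session (the behaviour reported above) beside the server-side synchronizer-token check the mitigation calls for; the handler names, session layout and sample usernames are assumptions.

```python
import hmac
import secrets

# Field name used by the DVR web interface, per the advisory.
TOKEN_FIELD = "__RequestVerificationToken"


def issue_token(session: dict) -> str:
    """Create a per-session anti-CSRF token and remember it server-side."""
    token = secrets.token_urlsafe(32)
    session[TOKEN_FIELD] = token
    return token


def vulnerable_create_user(session: dict, form: dict) -> str:
    """Mirrors the reported flaw: the UI emits the token, the server never checks it."""
    if not session.get("authenticated"):
        return "401 unauthenticated"
    # No comparison against session[TOKEN_FIELD]: a cross-site POST from an
    # authenticated browser is accepted with the token missing or arbitrary.
    return f"201 created user {form['username']}"


def hardened_create_user(session: dict, form: dict) -> str:
    """Same handler with the synchronizer-token validation the advisory says is missing."""
    if not session.get("authenticated"):
        return "401 unauthenticated"
    expected = session.get(TOKEN_FIELD)
    supplied = form.get(TOKEN_FIELD)
    # Reject a missing token or a mismatch; compare_digest keeps the check constant-time.
    if not expected or not supplied or not hmac.compare_digest(
        expected.encode(), supplied.encode()
    ):
        return "403 invalid anti-CSRF token"
    return f"201 created user {form['username']}"


def demo() -> dict:
    """Constructed scenario (hypothetical session and form data, not captured traffic)."""
    session = {"authenticated": True}
    token = issue_token(session)
    legit = {"username": "operator", TOKEN_FIELD: token}
    forged_missing = {"username": "admin2"}  # a cross-site page cannot read the victim's token
    forged_guess = {"username": "admin2", TOKEN_FIELD: "AAAA"}
    return {
        "vulnerable_missing": vulnerable_create_user(session, forged_missing),
        "hardened_missing": hardened_create_user(session, forged_missing),
        "hardened_guess": hardened_create_user(session, forged_guess),
        "hardened_legit": hardened_create_user(session, legit),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20s} -> {result}")
```

Only the hardened handler turns away the two forged requests while still accepting the request that carries the session's own token.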

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

References: 3

News mentions: 0