Critical severity9.8NVD Advisory· Published Jan 6, 2026· Updated Apr 15, 2026
CVE-2020-36925
CVE-2020-36925
Description
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
8- cxsecurity.com/issue/WLB-2020120170nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/193750nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/194139nvd
- packetstorm.news/files/id/160718nvd
- www.arteco-global.comnvd
- www.exploit-db.com/exploits/49348nvd
- www.vulncheck.com/advisories/arteco-web-client-dvrnvr-session-id-brute-force-authentication-bypassnvd
- www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5613.phpnvd
News mentions
0No linked articles in our index yet.