CVE-2019-20085 Scanner

The TVT NVMS-1000 is a device used for video surveillance. This network video management system (NVMS) is popular due to its scalability and user-friendly interface. It allows users to connect to multiple cameras and devices, record video footage, and manage their security system from one centralized location. With its advanced features and ease of use, it is widely deployed in various industries and organizations, such as banks, hospitals, and retail stores.

However, the TVT NVMS-1000 has a serious vulnerability that could compromise the security of the whole system. CVE-2019-20085 is a directory traversal vulnerability that allows an attacker to bypass the authentication process and access sensitive files and directories on the device. This vulnerability is caused by the lack of input validation and sanitization in the device's web application, and it can be exploited remotely without authentication.

If this vulnerability is exploited, an attacker can access and download sensitive data, such as passwords, user information, camera streams, and recorded footage. They can also modify the system configuration, install malware, or launch other attacks to compromise the device and the network it is connected to. This can lead to data theft, privacy violations, and even physical security threats.

s4e.io is a platform that helps users to identify and mitigate vulnerabilities in their digital assets. With its advanced scanning and reporting capabilities, users can easily and quickly discover hidden vulnerabilities and get actionable recommendations to improve their security posture. By subscribing to the platform, users can stay ahead of the latest threats and protect their assets from various cyber-attacks.

REFERENCES

• http://packetstormsecurity.com/files/157196/TVT-NVMS-1000-Directory-Traversal.html
• https://www.exploit-db.com/exploits/47774