Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Arecont Vision NVR No Administrator Vulnerability

Information

Severity

Severity

High

Family

Family

Default Accounts

CVSSv2 Base

CVSSv2 Base

8.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:C/A:N

Solution Type

Solution Type

Mitigation

Created

Created

5 years ago

Modified

Modified

5 years ago

Summary

The script checks if the installation of Arecont Vision's NVR software has no administrator user set at the remote web server.

Insight

Insight

The configuration of Arecont Vision's NVR software incomplete or misconfigured. Arecont Vision cameras do not ship with authentication enabled. It is up to the user to enable authentication, which means that initially, everyone can have access to the live camera feed and all configurations, including setting up an administrator user themselves.

Detection Method

Detection Method

Checks if authentication is requested by the server to access information about the presence of an admin user.

Solution

Solution

Create an administrator user as soon as possible, to avoid exposing your live camera feed and configuration. Always choose a secure password and never choose common guessable default credentials such as 'admin:admin'.