CVEs-PoC/2020/CVE-2020-10181.md

CVE-2020-10181

Description

goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<1>administrator<1>123456 request.

POC

Reference

• http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-Cross-Site-Request-Forgery.html
• https://www.youtube.com/watch?v=Ufcj4D9eA5o

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
• https://github.com/s1kr10s/Sumavision_EMR3.0