Executive Summary

This vulnerability is an inadequate access control issue in Davantis DDFUSION version 6.177.7. It allows unauthorized actors to access and retrieve perspective parameters from security camera settings by accessing the endpoint "/cameras/<CAMERA_ID>/perspective" without proper authorization. [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can allow unauthorized individuals to access sensitive configuration details of security cameras, potentially compromising the security and privacy of the monitored areas. This could lead to misuse or manipulation of camera settings and reduce the effectiveness of security monitoring. [1]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by attempting to access the endpoint "/cameras/<CAMERA_ID>/perspective" on your Davantis DDFUSION v6.177.7 system without authentication. For example, using curl: curl -v http://<DFUSION_SERVER>/cameras/<CAMERA_ID>/perspective If the response returns perspective parameters without requiring authorization, the system is vulnerable. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade Davantis DDFUSION to version 6.186.1 or later, where this vulnerability has been fixed. Until then, restrict network access to the vulnerable endpoint and implement additional access controls to prevent unauthorized access. [1]

Useful 0 Not Useful 0