CVE-2020-36925
Unknown Unknown - Not Provided
Session Hijacking in Arteco Web Client Enables Unauthorized Access

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: VulnCheck

Description
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-06-16
AI Q&A
2026-01-06
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36925
EUVD
EUVD-2026-0997
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
arteco arteco_web_client_dvr_nvr From 17129 (inc) to 17149 (inc)
arteco arteco_web_client_dvr_nvr From 100 (inc) to 1000 (inc)
arteco arteco_web_client_dvr_nvr From 1000 (inc) to 10000 (inc)
arteco arteco_web_client_dvr_nvr From 10000 (inc) to 100000 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-331 The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Arteco Web Client DVR/NVR system due to insufficient complexity and length of the 'SessionId' cookie used for session management. Because the session IDs are short and numeric within a specific range, an attacker can perform a brute force attack by systematically guessing session IDs until a valid one is found. Successfully guessing a valid session ID allows the attacker to bypass authentication and hijack user sessions, gaining unauthorized access to live camera streams managed by the system. [2, 3, 4, 5]

Impact Analysis

The impact of this vulnerability is that a remote attacker can bypass authentication without any privileges or user interaction by brute forcing session IDs. This enables unauthorized access to live camera streams, potentially exposing sensitive surveillance footage. Such unauthorized access compromises the confidentiality and integrity of the surveillance system, leading to privacy violations and security risks in environments relying on the Arteco DVR/NVR for video monitoring. [2, 3, 4, 5]

Detection Guidance

This vulnerability can be detected by attempting to brute force the 'SessionId' cookie within a specific numeric range using automated scripts. A Python3 exploit script is available that iterates over a range of session ID values (e.g., 17129 to 17149) and sends HTTP requests with each candidate session ID as a cookie to the target device. The script checks the server's response headers for the presence of the string 'artecomobile', which indicates a valid session and thus a successful detection of the vulnerability. The script targets the '/arteco-mobile/camera.fcgi' endpoint with specific query parameters. This method effectively tests whether session IDs can be guessed and if unauthorized access is possible. [2, 3]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the Arteco Web Client DVR/NVR system to trusted users only, such as by using firewall rules or VPNs to limit exposure. Additionally, monitoring for unusual session activity and applying any available vendor patches or updates is recommended. Since the vulnerability arises from weak session ID complexity, if possible, configure the system to use stronger session ID generation or implement additional authentication mechanisms. If vendor patches are not yet available, consider isolating the device from untrusted networks to prevent remote brute force attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36925. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart