CVE-2020-36925
Session Hijacking in Arteco Web Client Enables Unauthorized Access
Publication date: 2026-01-06
Last updated on: 2026-01-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arteco | arteco_web_client_dvr_nvr | From 17129 (inc) to 17149 (inc) |
| arteco | arteco_web_client_dvr_nvr | From 100 (inc) to 1000 (inc) |
| arteco | arteco_web_client_dvr_nvr | From 1000 (inc) to 10000 (inc) |
| arteco | arteco_web_client_dvr_nvr | From 10000 (inc) to 100000 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-331 | The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Arteco Web Client DVR/NVR system due to insufficient complexity and length of the 'SessionId' cookie used for session management. Because the session IDs are short and numeric within a specific range, an attacker can perform a brute force attack by systematically guessing session IDs until a valid one is found. Successfully guessing a valid session ID allows the attacker to bypass authentication and hijack user sessions, gaining unauthorized access to live camera streams managed by the system. [2, 3, 4, 5]
How can this vulnerability impact me? :
The impact of this vulnerability is that a remote attacker can bypass authentication without any privileges or user interaction by brute forcing session IDs. This enables unauthorized access to live camera streams, potentially exposing sensitive surveillance footage. Such unauthorized access compromises the confidentiality and integrity of the surveillance system, leading to privacy violations and security risks in environments relying on the Arteco DVR/NVR for video monitoring. [2, 3, 4, 5]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to brute force the 'SessionId' cookie within a specific numeric range using automated scripts. A Python3 exploit script is available that iterates over a range of session ID values (e.g., 17129 to 17149) and sends HTTP requests with each candidate session ID as a cookie to the target device. The script checks the server's response headers for the presence of the string 'artecomobile', which indicates a valid session and thus a successful detection of the vulnerability. The script targets the '/arteco-mobile/camera.fcgi' endpoint with specific query parameters. This method effectively tests whether session IDs can be guessed and if unauthorized access is possible. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the Arteco Web Client DVR/NVR system to trusted users only, such as by using firewall rules or VPNs to limit exposure. Additionally, monitoring for unusual session activity and applying any available vendor patches or updates is recommended. Since the vulnerability arises from weak session ID complexity, if possible, configure the system to use stronger session ID generation or implement additional authentication mechanisms. If vendor patches are not yet available, consider isolating the device from untrusted networks to prevent remote brute force attacks.