【Security Vulnerability Warning】TVN/CVE vulnerability information - iCatch DVR

Subject: 【Security Vulnerability Warning】TVN/CVE vulnerability information - iCatch DVR

• Description:
  • TWCERT/CC security alert forward: TWCERTCC-ANA-202004-0004
  • TWCERT/CC released a security vulnerability about iCatch DVR, the details are as follows:
    1. iCatch DVR - Broken Access Control
       • TVN ID: TVN-202001009
       • CVE ID: CVE-2020-10513
       • Affected Products:
         • iCatch DVR firmware before 20200103
         • CVSS3.1: 8.8(High)(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
       • Link: https://www.twcert.org.tw/en/cp-139-3543-d2e63-2.html
    2. iCatch DVR - Command Injection
       • TVN ID: TVN-202001010
       • CVE ID: CVE-2020-10514
       • Affected Products:
         • iCatch DVR firmware before 20200103
         • CVSS3.1: 7.5(High)
           (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
       • Link: https://www.twcert.org.tw/en/cp-139-3544-0df91-2.html
• Impacted platform: iCatch DVR
• Recommended practices:
  • Please check the version of related products and update to the latest version.

Network System Division
Computer and Communication Center