Reset Password Function Can Bypass Authentication
Warning number: GL-2025-0001
Initial release time: 2025-2-10
Update release time: Released with version plan
Summary:
The API for exporting certificates does not have identity verification enabled. If the password reset function using a certificate is enabled, the password can be reset using this exported certificate.
The CVE number for this vulnerability is: None.
Vulnerability information is discovered and provided by customers.
Sphere of impact:
Affected versions and models:
NVR 8.2.3
NVR 8.2.4
IPC 8.2.3
| Name | Version | Model |
|---|---|---|
| NVR | 8.2.3 |
N7XXX N8XXX N63XX N6312X N88X N88SX D32XX D33XX2C D33XX D315X D3312X H7004 H32tXX |
| NVR | 8.2.4 |
Same as above D75XX D75XX2C NA1XX |
| IPC | 8.2.3 | NT98528 SSC369G |
Impact and consequences:
If the device is not exposed to the public network, the impact is not significant. However, for devices exposed to the public network, the device password may be changed and private data may be stolen.
Vulnerability Scoring:
none.
Technical details:
Vulnerability details:
There are several ways to reset your password. One way is to export and save the certificate after successfully setting the password. If you forget your password, you can import the certificate as identity verification and reset your password. The vulnerability occurs because the API for exporting certificates does not perform identity verification, so the certificate can be exported at will, and then the password can be reset.
Temporary workaround:
Few devices are exposed to the public network, so no workaround is available yet. We will update this plan later.
Solution and version update plan:
Solution:
Add identity verification to the API for exporting certificates, and only admin users can export certificates.
Version update plan:
Updated with C1.2 version
Version acquisition method:
None
Vulnerability information sources and vulnerability exploitation:
We are currently not aware of any other public channels publishing the vulnerabilities mentioned in this article, nor are we aware of any cases where the vulnerabilities have been maliciously exploited.
Technical support channels:
None
Security Advisory Version Revision Information:
NVR IPC is updated starting from version C1.2.
FAQs:
None