CSRF Vulnerability in MOBOTIX S14 MX-V4.2.1.61 Cameras Allows Unauthorized Account Creation

CSRF Vulnerability in MOBOTIX S14 MX-V4.2.1.61 Cameras Allows Unauthorized Account Creation

CVE-2019-12502 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI.

Learn more about our Web Application Penetration Testing UK.