Skip to content

Latest commit

 

History

History
28 lines (20 loc) · 730 Bytes

yingshi_privacy.md

File metadata and controls

28 lines (20 loc) · 730 Bytes

com.videogo 6.8.1 has Incorrect Access Control

Vulnerability Type:

Incorrect Access Control

Vulnerability Version:

6.8.1

Recurring environment

≥Android 7.0

Vulnerability Description AND recurrence:

When obtaining alarm information, the device ID is included in the request, The picture in the response is in the Location field get_alarm get_alarm_response After changing the device ID, you can get the image URL of the corresponding device change device With this URL, you can access the alarm image without permission see_pic