CVE-2019-18339

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext.

Source: CVE-2019-18339