Full title: Arteco Web Client DVR/NVR Session Hijacking Vulnerability 
Category: local exploits
Platform: windows
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.

# 0day.today @ http://0day.today/