CVE-2019-6698
First published: Fri Aug 23 2019(Updated: )
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Fortirecorder Firmware | <2.7.4 | |
| Fortinet Fortirecorder 100d | ||
| Fortinet Fortirecorder 200d | ||
| Fortinet Fortirecorder 400d |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-6698?
CVE-2019-6698 is a Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4.
What is the severity of CVE-2019-6698?
The severity of CVE-2019-6698 is critical with a severity value of 9.8.
How can CVE-2019-6698 be exploited?
CVE-2019-6698 can be exploited by an unauthenticated attacker with knowledge of the hard-coded credentials and network access to FortiCameras.
How can I fix CVE-2019-6698?
To fix CVE-2019-6698, upgrade FortiRecorder to version 2.7.4 or above.
Where can I find more information about CVE-2019-6698?
You can find more information about CVE-2019-6698 at the FortiGuard advisory: [FG-IR-19-185](https://fortiguard.com/advisory/FG-IR-19-185)
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortirecorder firmware
- canonical/fortinet fortirecorder 100d
- canonical/fortinet fortirecorder 200d
- canonical/fortinet fortirecorder 400d