Headline
CVE-2023-33741: record/macrovideo_share.md at main · zzh-newlearner/record
Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device.
Permalink
Cannot retrieve contributors at this time
com.macrovideo.v380pro 1.4.97 has Incorrect Access Control****Vulnerability Type:
Incorrect Access Control
Vulnerability Version:
1.4.97
Recurring environment
≥Android 7.0
Vulnerability Description AND recurrence:
When someone shares the device, the cloud service sends device_id and password of the device to the user Although the device owner unshares the device, the user can still get alarm message with the device id and device password (The image content is BASE64 encoded)