Title: Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure Advisory ID: ZSL-2019-5532 Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information Risk: (3/5) Release Date: 08.09.2019 Summary: Rifatron, a leading CCTV/video surveillance security system manufacturer, supplies and services the security market. The DDRs (Digital Video Recorders) by Rifatron suffer from an unauthenticated and unauthorized live stream disclosure when script is called through Mobile Web Viewer module. Vendor: Rifatron Co., Ltd. Affected Version: 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) 7brid DVR (HD3-16V2, DX3-16V2/08V2/04V2, MX3-08V2/04V2) Firmware: References: [1] https://www.exploit-db.com/exploits/47368 [2] https://packetstormsecurity.com/files/154417 [3] https://cxsecurity.com/issue/WLB-2019090065 [4] https://exchange.xforce.ibmcloud.com/vulnerabilities/166805 Changelog: [08.09.2019] - Initial release [17.09.2019] - Added reference [1], [2], [3] and [4] Contact: Zero Science Lab Web: http://www.zeroscience.mk e-mail: lab@zeroscience.mk