# Amcrest 2.520.AC00.18.R Login Bypass
Amcrest is a brand of security cameras (CCTV and IP cameras).
The web server used, version 3.2.1.453504 (with firmware 2.520.AC00.18.R), is
vulnerable to a login bypass. The web server is commonly hosted on port 8080.
When you try to log in with the admin account and any password, the login
obviously fails because the credentials are incorrect.

The interesting part is the response body from the web server. If we use
Burp Suite to inspect what the server returns, we'll notice that it is
simple JavaScript, and the most interesting parameter is "result".
## Request
## Response
So, what will happen if we try to change that result parameter to true?
Let's create a Match and Replace rule in Burp.

Let's try again and log in.

We can see that the response was modified correctly by Burp, and as a
consequence we now have access.



The access is limited: we cannot modify parameters, but we are not anonymous.
We have full access to all options available.
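
The flaw class described above, where the login outcome is decided from a client-visible `result` flag instead of server-side session state, shown as a simplified model next to the hardened check. This is an added example, not Amcrest firmware code; every function name, the sample account and the request shape are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed sample account (hypothetical); the password is stored only as a salted hash.
const SALT = crypto.randomBytes(16);
const hash = (pw) => crypto.scryptSync(pw, SALT, 32);
const USERS = new Map([["admin", hash("constructed-sample-password")]]);
const sessions = new Map(); // token -> user name, held only on the server

// Login: a session is created server-side only when the password verifies.
function login(user, password) {
  const stored = USERS.get(user);
  const ok = stored !== undefined && crypto.timingSafeEqual(stored, hash(password));
  if (!ok) return { result: false };
  const token = crypto.randomBytes(32).toString("hex");
  sessions.set(token, user);
  return { result: true, session: token };
}

// Weak pattern: the protected handler believes what the client reports about
// the login outcome, so a response rewritten in transit is treated as a login.
function getConfigWeak(request) {
  return request.clientSaysLoggedIn ? { status: 200, body: "config" } : { status: 401 };
}

// Hardened pattern: every protected request is checked against server state.
function getConfigHardened(request) {
  const user = sessions.get(request.session);
  return user ? { status: 200, body: "config" } : { status: 401 };
}

// A client whose failed-login response had "result" rewritten to true,
// as the Match and Replace rule in the write-up does.
function tamperedClient() {
  const response = login("admin", "wrong-password"); // { result: false }
  const rewritten = { ...response, result: true };
  return { clientSaysLoggedIn: rewritten.result, session: rewritten.session };
}
```

With the hardened handler, the rewritten response changes only what the browser displays: no session token was ever issued, so the protected request is still rejected.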
CVE-2020-7222
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7222>