AVer PTC310UV2 Information Disclosure Vulnerability

Vulnerability

A vulnerability in the AVer PTC310UV2 camera, running firmware version 0.1.0000.59, allows remote attackers to obtain sensitive information through crafted requests. The issue lies in the web interface, which handles authentication improperly and exposes usernames and passwords in unencrypted network traffic. The vulnerability was discovered during a penetration test, which revealed flaws in the application's client-side authentication process.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive credentials, such as usernames and passwords, which are exposed in clear text over the network.

Reproduction

The vulnerability can be reproduced by sending a request to the camera's web interface that triggers the authentication mechanism. The application will pull credentials from a specified endpoint and return them in an unencrypted format. Monitoring the network traffic will reveal the exposed usernames and passwords.

Added: Jul 30, 2025, 5:17 PM
Updated: Jul 30, 2025, 7:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.