An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrators credentials in cleartext by sending a request against the server using curl with random credentials to /en/player/activex_pal.asp and successfully authenticating the application.
A product requires authentication, but the product has an alternate path or channel that does not require authentication.