Milestone Customer Support
Article number:  000003401
Article type:  Cyber Security
Article audience:  Professional
Category type:  Usage
Product:  M10
Type:  Device issue
Version:  2
First published:  09/13/2017
Last modified:  06/01/2018

Husky M10 privilege escalation issue

Issue: An authorized standard user is able to escalate account to administrator level by manipulating client-side parameters in the web browser.

The reason for this is that the parameters are not validated on the server side.

How to fix the issue?

  1. Connect the Husky M10 unit to the Internet.
  2. Within 48 hours the M10 will detect an update available.
  3. The user will be prompted to accept the upgrade.
  4. Husky M10 will download and install the software update.
  5. The unit will automatically reboot and the potential security issue will be eliminated.