The NETObserve PC surveillance software uses a web service to provide remote access to the monitored PC. This web service requires a username and password to access, however this authentication can be bypassed by specifying the cookie value of 'login=0'. Once access has been obtained, all features of the NetObserve system are available, including the ability to upload files and execute commands.
Unknown or Incomplete
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Configure the NETObserve service to only allow trusted IP addresses to connect.