CVE-2017-3185

Sažetak

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.

Reference

http://www.securityfocus.com/bid/96720/info
https://twitter.com/hack3rsca/status/839599437907386368
https://twitter.com/Hfuhs/status/839252357221330944
https://www.kb.cert.org/vuls/id/355151

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-10-2019 - 23:27

Objavljeno

16-12-2017 - 02:29