CVE-2018-12666 - CERT CVE

  1. CVE-2018-12666

ID CVE-2018-12666
Sažetak SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.
Reference
CVSS
Base: 7.5
Impact: 6.4
Exploitability:10.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:N/AC:L/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje 28-01-2019 - 13:46
Objavljeno 19-10-2018 - 22:29