ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
References
Link | Resource |
---|---|
https://www.kb.cert.org/vuls/id/355151 | Third Party Advisory US Government Resource |
https://twitter.com/Hfuhs/status/839252357221330944 | Press/Media Coverage Third Party Advisory |
https://twitter.com/hack3rsca/status/839599437907386368 | Press/Media Coverage Third Party Advisory |
http://www.securityfocus.com/bid/96720/info | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-12-15 18:29
Updated : 2019-10-09 16:27
NVD link : CVE-2017-3185
Mitre link : CVE-2017-3185
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
acti
- camera_firmware