CVE-2017-3185

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
References
Link Resource
https://www.kb.cert.org/vuls/id/355151 Third Party Advisory US Government Resource
https://twitter.com/Hfuhs/status/839252357221330944 Press/Media Coverage Third Party Advisory
https://twitter.com/hack3rsca/status/839599437907386368 Press/Media Coverage Third Party Advisory
http://www.securityfocus.com/bid/96720/info Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:acti:camera_firmware:a1d-500-v6.11.31-ac:*:*:*:*:*:*:*

Information

Published : 2017-12-15 18:29

Updated : 2019-10-09 16:27


NVD link : CVE-2017-3185

Mitre link : CVE-2017-3185


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

acti

  • camera_firmware