Skip to main content

H 264 Poe Ip Camera Firmware CVE-2018-12674

MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2018-10-19 cve@mitre.org
5.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 19, 2018 - 22:29 nvd
MEDIUM 5.7

DescriptionNVD

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account.

AnalysisAI

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-319. The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account. Affected products include: Sv3C H.264 Poe Ip Camera Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-12671 CRITICAL POC
9.8 Oct 19

An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B2

CVE-2018-12670 CRITICAL POC
9.8 Oct 19

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injec

CVE-2018-12668 CRITICAL POC
9.8 Oct 19

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Pass

CVE-2018-12667 CRITICAL POC
9.8 Oct 19

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improp

CVE-2018-12666 CRITICAL POC
9.8 Oct 19

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication le

CVE-2018-12669 HIGH POC
8.8 Oct 19

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authentic

CVE-2018-12673 HIGH POC
7.5 Oct 19

An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B2

CVE-2018-12675 MEDIUM POC
6.1 Oct 19

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin

CVE-2018-12672 MEDIUM POC
5.4 Oct 19

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input a

Share

CVE-2018-12674 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy