CVE-2017-3185

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
References
Link Resource
http://www.securityfocus.com/bid/96720/info Third Party Advisory VDB Entry
https://twitter.com/Hfuhs/status/839252357221330944 Press/Media Coverage Third Party Advisory
https://twitter.com/hack3rsca/status/839599437907386368 Press/Media Coverage Third Party Advisory
https://www.kb.cert.org/vuls/id/355151 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/96720/info Third Party Advisory VDB Entry
https://twitter.com/Hfuhs/status/839252357221330944 Press/Media Coverage Third Party Advisory
https://twitter.com/hack3rsca/status/839599437907386368 Press/Media Coverage Third Party Advisory
https://www.kb.cert.org/vuls/id/355151 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:o:acti:camera_firmware:a1d-500-v6.11.31-ac:*:*:*:*:*:*:*

History

21 Nov 2024, 03:24

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/96720/info - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/96720/info - Third Party Advisory, VDB Entry
References () https://twitter.com/Hfuhs/status/839252357221330944 - Press/Media Coverage, Third Party Advisory () https://twitter.com/Hfuhs/status/839252357221330944 - Press/Media Coverage, Third Party Advisory
References () https://twitter.com/hack3rsca/status/839599437907386368 - Press/Media Coverage, Third Party Advisory () https://twitter.com/hack3rsca/status/839599437907386368 - Press/Media Coverage, Third Party Advisory
References () https://www.kb.cert.org/vuls/id/355151 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/355151 - Third Party Advisory, US Government Resource

Information

Published : 2017-12-16 02:29

Updated : 2024-11-21 03:24


NVD link : CVE-2017-3185

Mitre link : CVE-2017-3185

CVE.ORG link : CVE-2017-3185


JSON object : View

Products Affected

acti

  • camera_firmware
CWE
CWE-598

Use of GET Request Method With Sensitive Query Strings

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor