PT-2017-15699 · Acti · Acti Cameras

Mandar Jadhav · Published 2017-12-15 · Updated 2019-10-09 · CVE-2017-3185

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ACTi cameras including the D, B, I, and E series version A1D-500-V6.11.31-AC

Description: The web application in the affected cameras uses the GET method to process requests containing sensitive information, such as user account name and password. This can expose the sensitive information through the browser's history, referrers, web logs, and other sources.

Recommendations: For version A1D-500-V6.11.31-AC, consider changing the request method from GET to POST to prevent sensitive information from being exposed in the browser's history and web logs. As a temporary workaround, restrict access to the web application to minimize the risk of exploitation.
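
The exposure paths named in the description (web logs and Referer headers) can be audited from the defender's side. The following is an added example, not part of the advisory or of ACTi's code: it scans combined-format access-log lines for credential-like query parameters in the request target and the Referer, and redacts their values. The parameter names, the path and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed credential-like parameter names; not taken from the ACTi firmware.
SENSITIVE = {"user", "username", "account", "password", "passwd", "pwd", "pass"}

# Combined log format: request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def scrub_url(url):
    """Return (redacted_url, sorted names of credential-like parameters found)."""
    parts = urlsplit(url)
    found, kept = set(), []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.add(name.lower())
            value = "REDACTED"
        kept.append((name, value))
    if not found:
        return url, []
    return parts._replace(query=urlencode(kept)).geturl(), sorted(found)

def audit_line(line):
    """Check the request target and the Referer of one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line
    findings = []
    for field in ("target", "referer"):
        redacted, names = scrub_url(m.group(field))
        if names:
            findings.append({"field": field, "params": names, "redacted": redacted})
    return {"method": m.group("method"), "findings": findings}

# Constructed sample lines (documentation addresses, hypothetical path).
SAMPLE = [
    '192.0.2.10 - - [15/Dec/2017:10:00:00 +0000] "GET /cgi-bin/example?USER=admin&PWD=s3cret&x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [15/Dec/2017:10:00:05 +0000] "GET /img/logo.png HTTP/1.1" 200 900 "http://198.51.100.7/cgi-bin/example?USER=admin&PWD=s3cret" "Mozilla/5.0"',
    '192.0.2.12 - - [15/Dec/2017:10:00:09 +0000] "POST /cgi-bin/example HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_line(entry))
```

The second sample line shows why the Referer field is checked as well: the credentials appear in the log of a request that carried no query string of its own.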

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2017-3185

Affected products

Acti Cameras