PT-2017-3359 · ACTi · ACTi Cameras

Mandar Jadhav · Published 2017-01-20 · Updated 2019-10-09 · CVE-2017-3184

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ACTi cameras, version A1D-500-V6.11.31-AC

Description: The issue stems from inadequate access control in the firmware of ACTi cameras and can be exploited by a remote attacker. By directly accessing the "http://x.x.x.x/setup/setup maintain firmware-default.html" page, an attacker can perform a factory reset on the device without authenticating. This can lead to a denial of service condition or allow the attacker to access the device using the default credentials.

Recommendations: For version A1D-500-V6.11.31-AC, restrict access to the factory reset page ("setup maintain firmware-default.html") as a temporary workaround until a patch is available, so that only trusted management hosts can reach it. Do not leave the default credentials in place on the affected device until the issue is resolved.
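Restricting the page is the fix; until that is in place, the web access log in front of the camera (or the camera's own log, if it writes one) can at least show whether the factory reset page has been requested by anyone outside the management network or without an authenticated user. The script below is an added example and is not part of this advisory or of any ACTi firmware: it assumes a Common Log Format access log (nginx/Apache style), an assumed management network of 10.0.5.0/24, and treats the page path exactly as the advisory quotes it (with spaces, which appear as %20 in logs); the log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Factory reset page as named in the advisory. The path contains spaces, which
# show up URL-encoded (%20) in access logs, so paths are decoded before comparing.
RESET_PAGE = "/setup/setup maintain firmware-default.html"

# Assumed management network from which administrators legitimately reach the
# camera UI (assumption for this example; adjust to your environment).
MANAGEMENT_NET = ipaddress.ip_network("10.0.5.0/24")

# Assumed Common Log Format: src ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)


def parse_line(line):
    """Parse one access log line; return a dict or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Drop any query string and URL-decode the path so %20 becomes a space.
    rec["path"] = unquote(rec["path"].split("?", 1)[0])
    return rec


def find_reset_attempts(lines):
    """Return alerts for requests to the factory reset page that come from
    outside the management network or carry no authenticated user.
    Each alert records whether the request succeeded (HTTP 2xx)."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != RESET_PAGE:
            continue
        reasons = []
        try:
            src = ipaddress.ip_address(rec["src"])
            if src not in MANAGEMENT_NET:
                reasons.append("source outside management network")
        except ValueError:
            reasons.append("unparseable source address")
        if rec["user"] == "-":
            reasons.append("no authenticated user")
        if reasons:
            alerts.append({
                "src": rec["src"],
                "ts": rec["ts"],
                "reasons": reasons,
                "succeeded": rec["status"].startswith("2"),
            })
    return alerts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # Authenticated admin from the management network: expected, no alert.
    '10.0.5.12 - admin [20/Jan/2017:10:02:11 +0000] '
    '"GET /setup/setup%20maintain%20firmware-default.html HTTP/1.1" 200 512',
    # Unauthenticated request from the Internet that succeeded: alert.
    '203.0.113.7 - - [20/Jan/2017:10:05:43 +0000] '
    '"GET /setup/setup%20maintain%20firmware-default.html HTTP/1.1" 200 512',
    # Unrelated page: ignored.
    '10.0.5.20 - - [20/Jan/2017:10:06:02 +0000] "GET /setup/index.html HTTP/1.1" 200 1024',
    # External request that a reverse proxy blocked (403): still worth an alert.
    '198.51.100.4 - - [20/Jan/2017:10:07:19 +0000] '
    '"GET /setup/setup%20maintain%20firmware-default.html?confirm=1 HTTP/1.1" 403 0',
    # Internal host but no authenticated user: alert.
    '10.0.5.33 - - [20/Jan/2017:10:09:55 +0000] '
    '"GET /setup/setup%20maintain%20firmware-default.html HTTP/1.1" 200 512',
    # Malformed line: skipped.
    'not a log line',
]


if __name__ == "__main__":
    for alert in find_reset_attempts(SAMPLE_LOG):
        state = "SUCCEEDED" if alert["succeeded"] else "blocked"
        print(f'{alert["ts"]} {alert["src"]} factory-reset page {state}: '
              + "; ".join(alert["reasons"]))
```

A successful unauthenticated hit on this page should be treated as a likely device reset: verify the camera's configuration and credentials immediately, since the advisory notes the device may now be reachable with its default credentials.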

Weakness Enumeration

Missing Authentication

Improper Access Control

Using Hardcoded Credentials

Related Identifiers

BDU:2018-00130
CVE-2017-3184

Affected Products

ACTi Cameras