PT-2018-11316 · Sv3C · Sv3C L-Series Hd Camera

Published: 2018-10-19 · Updated: 2019-01-28 · CVE-2018-12666

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SV3C L-SERIES HD CAMERA version 2.3.4.2103-S50-NTD-B20170508B

Description

The issue allows remote attackers to bypass authentication and gain administrator access. This is possible because the device improperly identifies users only by the authentication level sent in the cookies. An attacker can exploit this by setting the authLevel cookie to 255.

Recommendations

For version 2.3.4.2103-S50-NTD-B20170508B, as a temporary workaround, consider restricting access to the device's administrative interface until a patch is available. Avoid relying solely on the authLevel cookie for authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
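
One way to follow the recommendation above, as an added example that is not part of the original advisory or the vendor's firmware: the access level is taken from a server-side session record created at login, and a client-supplied authLevel cookie is ignored. The `session` cookie name, the `SessionStore` class, the function names and the 900-second lifetime are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

ADMIN_LEVEL = 255                # level value named in the advisory
SESSION_TTL = 900                # seconds; assumed lifetime
FORGED_HEADER = "authLevel=255"  # constructed Cookie header, no login performed


class SessionStore:
    """Server-side map of random session id -> (auth level, expiry time)."""

    def __init__(self):
        self._sessions = {}

    def create(self, auth_level, now=None):
        # Call only after the server itself has verified the credentials.
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # unguessable, carries no privilege data
        self._sessions[sid] = (auth_level, now + SESSION_TTL)
        return sid

    def level_for(self, sid, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None or now >= entry[1]:
            self._sessions.pop(sid, None)  # unknown or expired: no access
            return 0
        return entry[0]


def parse_cookies(header):
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def level_trusting_cookie(cookie_header):
    """Flawed pattern from the description: privilege is read from the client."""
    try:
        return int(parse_cookies(cookie_header).get("authLevel", "0"))
    except ValueError:
        return 0


def level_from_session(cookie_header, store, now=None):
    """Hardened form: authLevel is ignored; only the server-side record counts."""
    sid = parse_cookies(cookie_header).get("session", "")
    return store.level_for(sid, now)
```

With `FORGED_HEADER`, the first function reports administrator level while the second reports no access, because no session record was ever created for that request.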

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2018-12666

Affected Products: Sv3C L-Series Hd Camera