PT-2017-15699 · Acti · Acti Cameras

Mandar Jadhav

Published

2017-12-15

Updated

2019-10-09

CVE-2017-3185

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ACTi cameras including the D, B, I, and E series version A1D-500-V6.11.31-AC

Description The web application in the affected cameras uses the GET method to process requests containing sensitive information, such as user account name and password. This can expose the sensitive information through the browser's history, referrers, web logs, and other sources.

Recommendations For version A1D-500-V6.11.31-AC, consider changing the request method from GET to POST to prevent sensitive information from being exposed in the browser's history and web logs. As a temporary workaround, restrict access to the web application to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-598CWE-200

Related Identifiers

CVE-2017-3185

Affected Products

Acti Cameras

PT-2017-15699 · Acti · Acti Cameras

CVE-2017-3185

Weakness Enumeration

Related Identifiers

Affected Products

References · 6