PT-2018-11326 · Sv3C · Sv3C Hd Camera
Published
2018-10-19
·
Updated
2019-01-11
·
CVE-2018-12675
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SV3C HD Camera versions V2.3.4.2103-S50-NTD-B20170508B through V2.3.4.2103-S50-NTD-B20170823B
Description
The issue concerns the camera's web interface, which does not perform origin checks on URLs that it redirects users to. This can be exploited to redirect a user to an unexpected endpoint, potentially leading to unintended consequences.
Recommendations
For versions V2.3.4.2103-S50-NTD-B20170508B through V2.3.4.2103-S50-NTD-B20170823B, consider restricting access to the web interface until a fix is available, and avoid using the camera's web interface to access external URLs.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sv3C Hd Camera