CVE-2017-3185
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
Affected (1)
Products: Acti: Camera Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version a1d-500-v6.11.31-ac |
Related CWEs
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-598
Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
References (8)
Source: cret@cert.org
Press/Media CoverageThird Party Advisory
Source: cret@cert.org
Press/Media CoverageThird Party Advisory
Source: cret@cert.org
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media CoverageThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media CoverageThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.