CVE-2018-12666

Published: Oct 19, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.

Affected (2)

Products: Sv3c: H.264 Poe Ip Camera Firmware

1 product

H.264 Poe Ip Camera Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sv3c H.264 Poe Ip Camera Firmware	Version v2.3.4.2103-s50-ntd-b20170508b

Configuration B

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Sv3c H.264 Poe Ip Camera Firmware	Version v2.3.4.2103-s50-ntd-b20170823b

Running on/with	Platform Versions
Sv3c Sv B01poe 1080p L	All versions
Sv3c Sv B11vpoe 1080p L	All versions
Sv3c Sv D02poe 1080p L	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.