CVE-2018-12671

Published: Oct 19, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface.

Affected (2)

Products: Sv3c: H.264 Poe Ip Camera Firmware

1 product

H.264 Poe Ip Camera Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sv3c H.264 Poe Ip Camera Firmware	Version v2.3.4.2103-s50-ntd-b20170508b

Configuration B

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Sv3c H.264 Poe Ip Camera Firmware	Version v2.3.4.2103-s50-ntd-b20170823b

Running on/with	Platform Versions
Sv3c Sv B01poe 1080p L	All versions
Sv3c Sv B11vpoe 1080p L	All versions
Sv3c Sv D02poe 1080p L	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.