CVE-2018-12675

nvd nist nuclei

Published: Oct 19, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.

Affected (2)

Products: Sv3c: H.264 Poe Ip Camera Firmware

1 product

H.264 Poe Ip Camera Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sv3c H.264 Poe Ip Camera Firmware	Version v2.3.4.2103-s50-ntd-b20170508b

Configuration B

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Sv3c H.264 Poe Ip Camera Firmware	Version v2.3.4.2103-s50-ntd-b20170823b

Running on/with	Platform Versions
Sv3c Sv B01poe 1080p L	All versions
Sv3c Sv B11vpoe 1080p L	All versions
Sv3c Sv D02poe 1080p L	All versions

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.