Vulnerability Description
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acti | Camera Firmware | a1d-500-v6.11.31-ac |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96720/info (Third Party Advisory, VDB Entry)
- https://twitter.com/Hfuhs/status/839252357221330944 (Press/Media Coverage, Third Party Advisory)
- https://twitter.com/hack3rsca/status/839599437907386368 (Press/Media Coverage, Third Party Advisory)
- https://www.kb.cert.org/vuls/id/355151 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2017-3185?
CVE-2017-3185 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such ...
How severe is CVE-2017-3185?
CVE-2017-3185 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-3185?
Check the references section above for vendor advisories and patch information. Affected products include: Acti Camera Firmware.