CVE-2018-12672 — MEDIUM (5.4)

Vulnerability Description

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sv3C	H.264 Poe Ip Camera Firmware	v2.3.4.2103-s50-ntd-b20170508b
Sv3C	Sv-B01Poe-1080P-L	-
Sv3C	Sv-B11Vpoe-1080P-L	-
Sv3C	Sv-D02Poe-1080P-L	-

Related Weaknesses (CWE)

CWE-79

References

https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabExploitThird Party Advisory
https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabExploitThird Party Advisory

FAQ

What is CVE-2018-12672?

CVE-2018-12672 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was im...

How severe is CVE-2018-12672?

CVE-2018-12672 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-12672?

Check the references section above for vendor advisories and patch information. Affected products include: Sv3C H.264 Poe Ip Camera Firmware, Sv3C Sv-B01Poe-1080P-L, Sv3C Sv-B11Vpoe-1080P-L, Sv3C Sv-D02Poe-1080P-L.