CRITICAL🇬🇧 English

CVE-2017-3185

CVSS 9.8v3.0pub. 2017-12-16upd. 2026-05-13

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Acti Camera Firmware

    OS
    Acti
    a1d-500-v6.11.31-ac
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2017-3184CRITICAL9.8ten sam produkt

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly r...

CVE-2017-3186CRITICAL9.8ten sam produkt

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random def...

CVE-2020-15956HIGH7.5ten sam vendor

ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigge...

CVE-2007-4582HIGH7.5ten sam vendor

Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ...

CVE-2007-4583MEDIUM5.0ten sam vendor

Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1...