Authentication flaw

2018-10-1922:29:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configuration. The vulnerability affects all versions.

CPENameOperatorVersion
h.264_poe_ip_camera_firmwareeqv2.3.4.2103s50ntdb20170508b
h.264_poe_ip_camera_firmwareeqv2.3.4.2103s50ntdb20170823b

CPE	Name	Operator	Version
	h.264_poe_ip_camera_firmware	eq	v2.3.4.2103s50ntdb20170508b
	h.264_poe_ip_camera_firmware	eq	v2.3.4.2103s50ntdb20170823b

References

www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/