Authentication flaw

2018-10-1922:29:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.

CPENameOperatorVersion
h.264_poe_ip_camera_firmwareeqv2.3.4.2103s50ntdb20170508b
h.264_poe_ip_camera_firmwareeqv2.3.4.2103s50ntdb20170823b

CPE	Name	Operator	Version
	h.264_poe_ip_camera_firmware	eq	v2.3.4.2103s50ntdb20170508b
	h.264_poe_ip_camera_firmware	eq	v2.3.4.2103s50ntdb20170823b

References

www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/