H.264 Poe Ip Camera Firmware Security Vulnerabilities and Issues — H.264 Poe Ip Camera Firmware CVE List

Lucene search

Sv3cH.264 Poe Ip Camera Firmware

10 matches found

CVE•added 2018/10/19 10:29 p.m.•45 views

CVE-2018-12669

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi.

8.8CVSS8.3AI score0.00708EPSS

CVE•added 2018/10/19 10:29 p.m.•43 views

CVE-2018-12675

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.

6.1CVSS6.2AI score0.1198EPSS

CVE•added 2018/10/19 10:29 p.m.•42 views

CVE-2018-12666

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.

9.8CVSS9.7AI score0.01104EPSS

CVE•added 2018/10/19 10:29 p.m.•35 views

CVE-2018-12668

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password.

10CVSS9.4AI score0.00795EPSS

CVE•added 2018/10/19 10:29 p.m.•35 views

CVE-2018-12672

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or th...

5.4CVSS5.2AI score0.00206EPSS

CVE•added 2018/10/19 10:29 p.m.•34 views

CVE-2018-12671

An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web in...

9.8CVSS9.4AI score0.00353EPSS

CVE•added 2018/10/19 10:29 p.m.•32 views

CVE-2018-12670

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection.

10CVSS9.5AI score0.12488EPSS

CVE•added 2018/10/19 10:29 p.m.•32 views

CVE-2018-12674

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in ...

5.7CVSS5.8AI score0.00048EPSS

CVE•added 2018/10/19 10:29 p.m.•30 views

CVE-2018-12667

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configurat...

9.8CVSS9.2AI score0.00764EPSS

CVE•added 2018/10/19 10:29 p.m.•30 views

CVE-2018-12673

An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information.

7.5CVSS7.3AI score0.00316EPSS