|
248311
|
6.1 |
MEDIUM
Network
|
sv3c
|
h.264_poe_ip_camera_firmware
|
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be…
|
CWE-601
Open Redirect
|
CVE-2018-12675
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248312
|
5.7 |
MEDIUM
Adjacent
|
sv3c
|
h.264_poe_ip_camera_firmware
|
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2018-12674
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248313
|
7.5 |
HIGH
Network
|
sv3c
|
h.264_poe_ip_camera_firmware
|
An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including cam…
|
CWE-200
Information Exposure
|
CVE-2018-12673
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248314
|
5.4 |
MEDIUM
Network
|
sv3c
|
h.264_poe_ip_camera_firmware
|
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was i…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12672
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248315
|
9.8 |
CRITICAL
Network
|
sv3c
|
h.264_poe_ip_camera_firmware
|
An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all…
|
CWE-200
Information Exposure
|
CVE-2018-12671
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248316
|
9.8 |
CRITICAL
Network
|
sv3c
|
h.264_poe_ip_camera_firmware
|
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection.
|
CWE-78
OS Command
|
CVE-2018-12670
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248317
|
8.8 |
HIGH
Network
|
sv3c
|
h.264_poe_ip_camera_firmware
|
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/para…
|
NVD-CWE-noinfo
|
CVE-2018-12669
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248318
|
9.8 |
CRITICAL
Network
|
sv3c
|
h.264_poe_ip_camera_firmware
|
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-12668
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248319
|
9.8 |
CRITICAL
Network
|
sv3c
|
h.264_poe_ip_camera_firmware
|
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI…
|
CWE-287
Improper Authentication
|
CVE-2018-12667
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248320
|
9.8 |
CRITICAL
Network
|
sv3c
|
h.264_poe_ip_camera_firmware
|
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication …
|
CWE-287
Improper Authentication
|
CVE-2018-12666
|
2024-11-21 12:45 |
2018-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
