17 vulnerabilities by acti
VAR-201712-0125
Vulnerability from variot - Updated: 2023-12-18 13:43
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. According to the reporter, multiple series of ACTi camera products using firmware version A1D-500-V6.11.31-AC are affected by the following problems. Lack of authentication for important functions (CWE-306) - CVE-2017-3184: These products do not have proper access restrictions for the configuration initialization function. A remote third party can initialize the product settings by directly accessing a URL like http://x.x.x.x/setup/setup_maintain_firmware-default.html. This may interfere with service operation of the device (DoS) or allow the weak default password issue (CVE-2017-3186) to be used. Information leakage due to the query string included in GET requests (CWE-598) - CVE-2017-3185: The web interface of these products uses GET requests that include sensitive information such as usernames and passwords. Therefore, it is possible to obtain such sensitive information from various histories such as browser history, referrer, and communication log. Weak default password (CWE-521) - CVE-2017-3186: The default settings for these products use the same authentication information for all devices.
If you are using the default settings, a remote third party can log in with your administrator credentials and have complete control of the device. A remote third party may initialize the device to the factory default settings, obtain sensitive information such as a user name and password, or log in to the device as an administrator using the initial authentication information. ACTi I Series and others are ACTi's series of network surveillance cameras. There are security vulnerabilities in several ACTi products. A remote attacker can exploit a vulnerability to submit a special request for sensitive information. 1. An authentication-bypass vulnerability. 2. An information disclosure vulnerability. 3. [item text missing from the source record] An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application. This may aid in further attacks. There is a security vulnerability, which stems from the fact that the program uses the GET method to process requests that contain sensitive information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "camera",
"scope": "eq",
"trust": 1.6,
"vendor": "acti",
"version": "a1d-500-v6.11.31-ac"
},
{
"model": "b series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": "d series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": "e series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": "i series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "acti",
"version": null
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "version a1d-500-v6.11.31-ac using d"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "b"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "i"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "e series"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3185"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acti:camera_firmware:a1d-500-v6.11.31-ac:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3185"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Jadhav",
"sources": [
{
"db": "BID",
"id": "96720"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3185",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-003933",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04256",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-111388",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3185",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-003933",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3185",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-003933",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-04256",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-357",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-111388",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-3185",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"db": "VULHUB",
"id": "VHN-111388"
},
{
"db": "VULMON",
"id": "CVE-2017-3185"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3185"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser\u0027s history, referrers, web logs, and other sources. According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. According to the reporter, ACTi Of the camera products provided by version A1D-500-V6.11.31-AC There are problems with multiple series using. The problem of lack of authentication for important functions (CWE-306) - CVE-2017-3184 These products do not have proper access restrictions for the configuration initialization function. A remote third party http://x.x.x.x/setup/setup_maintain_firmware-default.html like URL It is possible to initialize the product settings by directly accessing. This may interfere with service operation for the device. (DoS) Default password issue or cause weak (CVE-2017-3186) Can be used. GET Information leakage due to the query string included in the request (CWE-598) - CVE-2017-3185 The web interface of these products includes sensitive information such as usernames and passwords. GET Use the request. Therefore, it is possible to obtain such sensitive information from various histories such as browser history, referrer, and communication log. Weak default password (CWE-521) - CVE-2017-3186 The default settings for these products use the same authentication information for all devices. 
If you are using the default settings, a remote third party can log in with your administrator credentials and have complete control of the device.A remote third party initializes the device to the factory default settings, obtains sensitive information such as a user name and password, or logs in to the device as an administrator using the initial authentication information. There is likely to be. ACTiISeries and others are ACTi\u0027s series of network surveillance cameras. There are security vulnerabilities in several ACTi products. A remote attacker can exploit a vulnerability to submit a special request for sensitive information. An authentication-bypass vulnerability. \n2. An information disclosure vulnerability. \n3. \nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. There is a security vulnerability, which stems from the fact that the program uses the GET method to process requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3185"
},
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "VULHUB",
"id": "VHN-111388"
},
{
"db": "VULMON",
"id": "CVE-2017-3185"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#355151",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2017-3185",
"trust": 3.5
},
{
"db": "BID",
"id": "96720",
"trust": 2.7
},
{
"db": "JVN",
"id": "JVNVU92233464",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-357",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04256",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111388",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3185",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"db": "VULHUB",
"id": "VHN-111388"
},
{
"db": "VULMON",
"id": "CVE-2017-3185"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3185"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
]
},
"id": "VAR-201712-0125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"db": "VULHUB",
"id": "VHN-111388"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04256"
}
]
},
"last_update_date": "2023-12-18T13:43:53.064000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product List",
"trust": 0.8,
"url": "https://www.acti.com/productselector/"
},
{
"title": "Patches for multiple ACTi product sensitive information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/91486"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "CWE-598",
"trust": 0.8
},
{
"problemtype": "CWE-306",
"trust": 0.8
},
{
"problemtype": "CWE-521",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111388"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3185"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.kb.cert.org/vuls/id/355151"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"trust": 1.8,
"url": "https://twitter.com/hfuhs/status/839252357221330944"
},
{
"trust": 1.8,
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"trust": 0.8,
"url": "http://www.acti.com/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/521.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/598.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3184"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3185"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3186"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92233464/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3184"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3185"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3186"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/96720"
},
{
"trust": 0.3,
"url": "http://www.acti.com/home/index.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"db": "VULHUB",
"id": "VHN-111388"
},
{
"db": "VULMON",
"id": "CVE-2017-3185"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3185"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"db": "VULHUB",
"id": "VHN-111388"
},
{
"db": "VULMON",
"id": "CVE-2017-3185"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3185"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#355151"
},
{
"date": "2017-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"date": "2017-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-111388"
},
{
"date": "2017-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3185"
},
{
"date": "2017-03-07T00:00:00",
"db": "BID",
"id": "96720"
},
{
"date": "2017-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"date": "2017-12-16T02:29:10.137000",
"db": "NVD",
"id": "CVE-2017-3185"
},
{
"date": "2017-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#355151"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04256"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111388"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3185"
},
{
"date": "2017-03-16T01:00:00",
"db": "BID",
"id": "96720"
},
{
"date": "2018-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"date": "2019-10-09T23:27:20.290000",
"db": "NVD",
"id": "CVE-2017-3185"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-357"
}
],
"trust": 0.6
}
}
VAR-201712-0124
Vulnerability from variot - Updated: 2023-12-18 13:43
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). According to the reporter, multiple series of ACTi camera products using firmware version A1D-500-V6.11.31-AC are affected by the following problems. Lack of authentication for important functions (CWE-306) - CVE-2017-3184: These products do not have proper access restrictions for the configuration initialization function. A remote third party can initialize the product settings by directly accessing a URL like http://x.x.x.x/setup/setup_maintain_firmware-default.html. This may interfere with service operation of the device (DoS) or allow the weak default password issue (CVE-2017-3186) to be used. Information leakage due to the query string included in GET requests (CWE-598) - CVE-2017-3185: The web interface of these products uses GET requests that include sensitive information such as usernames and passwords. Therefore, it is possible to obtain such sensitive information from various histories such as browser history, referrer, and communication log. Weak default password (CWE-521) - CVE-2017-3186: The default settings for these products use the same authentication information for all devices.
If you are using the default settings, a remote third party can log in with your administrator credentials and have complete control of the device. A remote third party may initialize the device to the factory default settings, obtain sensitive information such as a user name and password, or log in to the device as an administrator using the initial authentication information. ACTi I Series and others are ACTi's series of network surveillance cameras. ACTi Cameras Models are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability. 2. An information disclosure vulnerability. 3. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "camera",
"scope": "eq",
"trust": 1.6,
"vendor": "acti",
"version": "a1d-500-v6.11.31-ac"
},
{
"model": "b series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": "d series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": "e series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": "i series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "acti",
"version": null
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "version a1d-500-v6.11.31-ac using d"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "b"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "i"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "e series"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3184"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acti:camera_firmware:a1d-500-v6.11.31-ac:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3184"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Jadhav",
"sources": [
{
"db": "BID",
"id": "96720"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3184",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-003933",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-05514",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-111387",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3184",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-003933",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3184",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-003933",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-05514",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-356",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-111387",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-3184",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"db": "VULHUB",
"id": "VHN-111387"
},
{
"db": "VULMON",
"id": "CVE-2017-3184"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3184"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). According to the reporter, multiple series of ACTi camera products using firmware version A1D-500-V6.11.31-AC are affected by several issues. Missing authentication for an important function (CWE-306) - CVE-2017-3184: These products do not have proper access restrictions for the configuration initialization function. A remote third party can initialize the product settings by directly accessing a URL such as http://x.x.x.x/setup/setup_maintain_firmware-default.html. This may interrupt service operation of the device (DoS) or allow the weak default password issue (CVE-2017-3186) to be used. Information leakage through the query string included in a GET request (CWE-598) - CVE-2017-3185: The web interface of these products uses GET requests that include sensitive information such as usernames and passwords. Therefore, it is possible to obtain such sensitive information from various histories such as browser history, referrer, and communication log. Weak default password (CWE-521) - CVE-2017-3186: The default settings for these products use the same authentication information for all devices. If the default settings are in use, a remote third party can log in with administrator credentials and take complete control of the device. A remote third party may initialize the device to the factory default settings, obtain sensitive information such as a user name and password, or log in to the device as an administrator using the initial authentication information. ACTi I Series and others are ACTi\u0027s series of network surveillance cameras. ACTi Cameras Models are prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability. \n2. An information disclosure vulnerability. \n3. \nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3184"
},
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "VULHUB",
"id": "VHN-111387"
},
{
"db": "VULMON",
"id": "CVE-2017-3184"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#355151",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2017-3184",
"trust": 3.5
},
{
"db": "BID",
"id": "96720",
"trust": 2.7
},
{
"db": "JVN",
"id": "JVNVU92233464",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-356",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-05514",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111387",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3184",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"db": "VULHUB",
"id": "VHN-111387"
},
{
"db": "VULMON",
"id": "CVE-2017-3184"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3184"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
]
},
"id": "VAR-201712-0124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"db": "VULHUB",
"id": "VHN-111387"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05514"
}
]
},
"last_update_date": "2023-12-18T13:43:53.025000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product List",
"trust": 0.8,
"url": "https://www.acti.com/productselector/"
},
{
"title": "Patches for multiple ACTi products that are not authorized to access vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/91487"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-598",
"trust": 0.8
},
{
"problemtype": "CWE-306",
"trust": 0.8
},
{
"problemtype": "CWE-521",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111387"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3184"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.kb.cert.org/vuls/id/355151"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"trust": 1.8,
"url": "https://twitter.com/hfuhs/status/839252357221330944"
},
{
"trust": 1.8,
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"trust": 0.8,
"url": "http://www.acti.com/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/521.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/598.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3184"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3185"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3186"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92233464/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3184"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3185"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3186"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/96720"
},
{
"trust": 0.3,
"url": "http://www.acti.com/home/index.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"db": "VULHUB",
"id": "VHN-111387"
},
{
"db": "VULMON",
"id": "CVE-2017-3184"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3184"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"db": "VULHUB",
"id": "VHN-111387"
},
{
"db": "VULMON",
"id": "CVE-2017-3184"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3184"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#355151"
},
{
"date": "2017-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"date": "2017-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-111387"
},
{
"date": "2017-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3184"
},
{
"date": "2017-03-07T00:00:00",
"db": "BID",
"id": "96720"
},
{
"date": "2017-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"date": "2017-12-16T02:29:10.090000",
"db": "NVD",
"id": "CVE-2017-3184"
},
{
"date": "2017-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#355151"
},
{
"date": "2017-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05514"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111387"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3184"
},
{
"date": "2017-03-16T01:00:00",
"db": "BID",
"id": "96720"
},
{
"date": "2018-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"date": "2019-10-09T23:27:20.150000",
"db": "NVD",
"id": "CVE-2017-3184"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-356"
}
],
"trust": 0.6
}
}
VAR-201712-0126
Vulnerability from variot - Updated: 2023-12-18 13:43
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. According to the reporter, multiple series of ACTi camera products using firmware version A1D-500-V6.11.31-AC are affected by several issues. Missing authentication for an important function (CWE-306) - CVE-2017-3184: These products do not have proper access restrictions for the configuration initialization function. A remote third party can initialize the product settings by directly accessing a URL such as http://x.x.x.x/setup/setup_maintain_firmware-default.html. This may interrupt service operation of the device (DoS) or allow the weak default password issue (CVE-2017-3186) to be used. Information leakage through the query string included in a GET request (CWE-598) - CVE-2017-3185: The web interface of these products uses GET requests that include sensitive information such as usernames and passwords. Therefore, it is possible to obtain such sensitive information from various histories such as browser history, referrer, and communication log. Weak default password (CWE-521) - CVE-2017-3186: The default settings for these products use the same authentication information for all devices. ACTi I Series and others are ACTi's series of network surveillance cameras. ACTi Cameras Models are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability. 2. An information disclosure vulnerability. 3. (No text is given for this item in the record.) An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "camera",
"scope": "eq",
"trust": 1.6,
"vendor": "acti",
"version": "a1d-500-v6.11.31-ac"
},
{
"model": "b series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": "d series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": "e series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": "i series a1d-500-v6.11.31-ac",
"scope": null,
"trust": 0.9,
"vendor": "acti",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "acti",
"version": null
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "version a1d-500-v6.11.31-ac using d"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "b"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "i"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "acti",
"version": "e series"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acti:camera_firmware:a1d-500-v6.11.31-ac:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3186"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Jadhav",
"sources": [
{
"db": "BID",
"id": "96720"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3186",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-003933",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03904",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-111389",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3186",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-003933",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3186",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-003933",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-03904",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-358",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-111389",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-3186",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"db": "VULHUB",
"id": "VHN-111389"
},
{
"db": "VULMON",
"id": "CVE-2017-3186"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. According to the reporter, multiple series of ACTi camera products using firmware version A1D-500-V6.11.31-AC are affected by several issues. Missing authentication for an important function (CWE-306) - CVE-2017-3184: These products do not have proper access restrictions for the configuration initialization function. A remote third party can initialize the product settings by directly accessing a URL such as http://x.x.x.x/setup/setup_maintain_firmware-default.html. This may interrupt service operation of the device (DoS) or allow the weak default password issue (CVE-2017-3186) to be used. Information leakage through the query string included in a GET request (CWE-598) - CVE-2017-3185: The web interface of these products uses GET requests that include sensitive information such as usernames and passwords. Therefore, it is possible to obtain such sensitive information from various histories such as browser history, referrer, and communication log. Weak default password (CWE-521) - CVE-2017-3186: The default settings for these products use the same authentication information for all devices. ACTi I Series and others are ACTi\u0027s series of network surveillance cameras. ACTi Cameras Models are prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability. \n2. An information disclosure vulnerability. \n3. \nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3186"
},
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "VULHUB",
"id": "VHN-111389"
},
{
"db": "VULMON",
"id": "CVE-2017-3186"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#355151",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2017-3186",
"trust": 3.5
},
{
"db": "BID",
"id": "96720",
"trust": 2.7
},
{
"db": "JVN",
"id": "JVNVU92233464",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-358",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-03904",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111389",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3186",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"db": "VULHUB",
"id": "VHN-111389"
},
{
"db": "VULMON",
"id": "CVE-2017-3186"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
]
},
"id": "VAR-201712-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"db": "VULHUB",
"id": "VHN-111389"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03904"
}
]
},
"last_update_date": "2023-12-18T13:43:52.985000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product List",
"trust": 0.8,
"url": "https://www.acti.com/productselector/"
},
{
"title": "Patches for multiple ACTi products non-random default certificate vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/91485"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-598",
"trust": 0.8
},
{
"problemtype": "CWE-306",
"trust": 0.8
},
{
"problemtype": "CWE-521",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111389"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3186"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.kb.cert.org/vuls/id/355151"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"trust": 1.8,
"url": "https://twitter.com/hfuhs/status/839252357221330944"
},
{
"trust": 1.8,
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"trust": 0.8,
"url": "http://www.acti.com/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/521.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/598.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3184"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3185"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3186"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92233464/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3184"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3185"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3186"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/96720"
},
{
"trust": 0.3,
"url": "http://www.acti.com/home/index.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"db": "VULHUB",
"id": "VHN-111389"
},
{
"db": "VULMON",
"id": "CVE-2017-3186"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#355151"
},
{
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"db": "VULHUB",
"id": "VHN-111389"
},
{
"db": "VULMON",
"id": "CVE-2017-3186"
},
{
"db": "BID",
"id": "96720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"db": "NVD",
"id": "CVE-2017-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#355151"
},
{
"date": "2017-04-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"date": "2017-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-111389"
},
{
"date": "2017-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3186"
},
{
"date": "2017-03-07T00:00:00",
"db": "BID",
"id": "96720"
},
{
"date": "2017-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"date": "2017-12-16T02:29:10.183000",
"db": "NVD",
"id": "CVE-2017-3186"
},
{
"date": "2017-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#355151"
},
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03904"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111389"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3186"
},
{
"date": "2017-03-16T01:00:00",
"db": "BID",
"id": "96720"
},
{
"date": "2018-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003933"
},
{
"date": "2019-10-09T23:27:20.430000",
"db": "NVD",
"id": "CVE-2017-3186"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#355151"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-358"
}
],
"trust": 0.6
}
}
VAR-202010-1660
Vulnerability from variot - Updated: 2023-12-18 13:32
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. ACTi NVR contains a classic buffer overflow vulnerability. The service may be put into an interrupted (DoS) state. ACTi is a network camera series produced by ACTI.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1660",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvr",
"scope": "eq",
"trust": 1.0,
"vendor": "acti",
"version": "2.3.04.07"
},
{
"model": "nvr",
"scope": "eq",
"trust": 1.0,
"vendor": "acti",
"version": "3.0.12.42"
},
{
"model": "nvr",
"scope": null,
"trust": 0.8,
"vendor": "acti",
"version": null
},
{
"model": "nvr3 standard server",
"scope": "eq",
"trust": 0.6,
"vendor": "acti",
"version": "3.0.12.42"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50290"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008990"
},
{
"db": "NVD",
"id": "CVE-2020-15956"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:acti:nvr:2.3.04.07:*:*:*:professional:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:acti:nvr:3.0.12.42:*:*:*:standard:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-15956"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MegaMagnus",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-126"
}
],
"trust": 0.6
},
"cve": "CVE-2020-15956",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008990",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-50290",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-15956",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008990",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-15956",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008990",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-50290",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-126",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-15956",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50290"
},
{
"db": "VULMON",
"id": "CVE-2020-15956"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008990"
},
{
"db": "NVD",
"id": "CVE-2020-15956"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-126"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. ACTi NVR Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. ACTi is a network camera series produced by ACTI",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-15956"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008990"
},
{
"db": "CNVD",
"id": "CNVD-2020-50290"
},
{
"db": "VULMON",
"id": "CVE-2020-15956"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-15956",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "158771",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "48731",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008990",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-50290",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020080037",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-126",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-15956",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50290"
},
{
"db": "VULMON",
"id": "CVE-2020-15956"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008990"
},
{
"db": "NVD",
"id": "CVE-2020-15956"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-126"
}
]
},
"id": "VAR-202010-1660",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50290"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50290"
}
]
},
"last_update_date": "2023-12-18T13:32:53.123000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NVR 3 Enterprise ACTi Network Video Recorder",
"trust": 0.8,
"url": "https://www2.acti.com/nvr3"
},
{
"title": "Patch for ACTi NVR3 Standard Server buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/230035"
},
{
"title": "cve-2020-15956",
"trust": 0.1,
"url": "https://github.com/megamagnus/cve-2020-15956 "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/jonathan-elias/poc "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xt11/cve-poc "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000s/poc-in-github "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/poc-in-github "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50290"
},
{
"db": "VULMON",
"id": "CVE-2020-15956"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008990"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008990"
},
{
"db": "NVD",
"id": "CVE-2020-15956"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/megamagnus/cve-2020-15956"
},
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/158771/acti-nvr3-standard-professional-server-3.0.12.42-denial-of-service.html"
},
{
"trust": 1.7,
"url": "https://www2.acti.com/nvr3"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15956"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/48731;"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15956"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020080037"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50290"
},
{
"db": "VULMON",
"id": "CVE-2020-15956"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008990"
},
{
"db": "NVD",
"id": "CVE-2020-15956"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-126"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-50290"
},
{
"db": "VULMON",
"id": "CVE-2020-15956"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008990"
},
{
"db": "NVD",
"id": "CVE-2020-15956"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-126"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-50290"
},
{
"date": "2020-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-15956"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008990"
},
{
"date": "2020-08-04T20:15:12.290000",
"db": "NVD",
"id": "CVE-2020-15956"
},
{
"date": "2020-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-126"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-50290"
},
{
"date": "2020-08-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-15956"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008990"
},
{
"date": "2020-08-06T19:38:53.273000",
"db": "NVD",
"id": "CVE-2020-15956"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-126"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-126"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACTi NVR Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008990"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-126"
}
],
"trust": 0.6
}
}
VAR-201911-1950
Vulnerability from variot - Updated: 2022-05-17 01:40
ACTi ACM-5611 is a network camera produced by ACTI.
ACTi ACM-5611 Camera has a remote command execution vulnerability. The vulnerability stems from the program's incorrect verification of user-submitted data. A remote attacker could exploit this vulnerability to execute arbitrary code on the underlying operating system by sending a malicious HTTP request.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1950",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acm-5611 a1d-220-v3.08.08-ac",
"scope": null,
"trust": 0.6,
"vendor": "acti",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38492"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-38492",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2019-38492",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38492"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACTi ACM-5611 is a network camera produced by ACTI.\n\nACTi ACM-5611 Camera has a remote command execution vulnerability. The vulnerability stems from the program\u0027s incorrect verification of user-submitted data. A remote attacker could exploit this vulnerability to execute arbitrary code on the underlying operating system by sending a malicious HTTP request.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38492"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "154626",
"trust": 0.6
},
{
"db": "EXPLOITALERT",
"id": "34128",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2019090179",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-38492",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38492"
}
]
},
"id": "VAR-201911-1950",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38492"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38492"
}
]
},
"last_update_date": "2022-05-17T01:40:55.324000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2019090179"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154626/acti-acm-5611-video-camera-remote-command-execution.html"
},
{
"trust": 0.6,
"url": "https://www.exploitalert.com/view-details.html?id=34128"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38492"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-38492"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38492"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38492"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACTi ACM-5611 Camera Remote Command Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38492"
}
],
"trust": 0.6
}
}
CVE-2020-15956 (GCVE-0-2020-15956)
Vulnerability from cvelistv5 – Published: 2020-08-04 19:03 – Updated: 2024-08-04 13:30
- n/a
| URL | Tags |
|---|---|
| https://www2.acti.com/nvr3 | x_refsource_MISC |
| https://github.com/megamagnus/cve-2020-15956 | x_refsource_MISC |
| http://packetstormsecurity.com/files/158771/ACTi-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:23.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www2.acti.com/nvr3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/megamagnus/cve-2020-15956"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-06T18:06:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www2.acti.com/nvr3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/megamagnus/cve-2020-15956"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www2.acti.com/nvr3",
"refsource": "MISC",
"url": "https://www2.acti.com/nvr3"
},
{
"name": "https://github.com/megamagnus/cve-2020-15956",
"refsource": "MISC",
"url": "https://github.com/megamagnus/cve-2020-15956"
},
{
"name": "http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15956",
"datePublished": "2020-08-04T19:03:35.000Z",
"dateReserved": "2020-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:30:23.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3186 (GCVE-0-2017-3186)
Vulnerability from cvelistv5 – Published: 2017-12-15 14:00 – Updated: 2024-08-05 14:16
- CWE-521 - Weak Password Requirements
| URL | Tags |
|---|---|
| https://twitter.com/hack3rsca/status/839599437907386368 | x_refsource_MISC |
| http://www.securityfocus.com/bid/96720/info | vdb-entry, x_refsource_BID |
| https://twitter.com/Hfuhs/status/839252357221330944 | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/355151 | third-party-advisory, x_refsource_CERT-VN |
| Vendor | Product | Version |
|---|---|---|
| ACTi Corporation | ACTi D, B, I, and E series cameras | Affected: A1D-500-V6.11.31-AC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ACTi D, B, I, and E series cameras",
"vendor": "ACTi Corporation",
"versions": [
{
"status": "affected",
"version": "A1D-500-V6.11.31-AC"
}
]
}
],
"datePublic": "2017-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521: Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T13:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name": "ACTi Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521: Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/hack3rsca/status/839599437907386368",
"refsource": "MISC",
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"name": "https://twitter.com/Hfuhs/status/839252357221330944",
"refsource": "MISC",
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/355151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3186",
"datePublished": "2017-12-15T14:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:16:28.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3184 (GCVE-0-2017-3184)
Vulnerability from cvelistv5 – Published: 2017-12-15 14:00 – Updated: 2024-08-05 14:16
- CWE-306 - Missing Authentication for Critical Function
| URL | Tags |
|---|---|
| https://twitter.com/hack3rsca/status/839599437907386368 | x_refsource_MISC |
| http://www.securityfocus.com/bid/96720/info | vdb-entry, x_refsource_BID |
| https://twitter.com/Hfuhs/status/839252357221330944 | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/355151 | third-party-advisory, x_refsource_CERT-VN |
| Vendor | Product | Version | |
|---|---|---|---|
| ACTi Corporation | ACTi D, B, I, and E series cameras |
Affected:
A1D-500-V6.11.31-AC
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ACTi D, B, I, and E series cameras",
"vendor": "ACTi Corporation",
"versions": [
{
"status": "affected",
"version": "A1D-500-V6.11.31-AC"
}
]
}
],
"datePublic": "2017-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T13:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name": "ACTi Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/hack3rsca/status/839599437907386368",
"refsource": "MISC",
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"name": "https://twitter.com/Hfuhs/status/839252357221330944",
"refsource": "MISC",
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/355151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3184",
"datePublished": "2017-12-15T14:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:16:28.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3185 (GCVE-0-2017-3185)
Vulnerability from cvelistv5 – Published: 2017-12-15 14:00 – Updated: 2024-08-05 14:16
- CWE-598 - Information Exposure Through Query Strings in GET Request
| URL | Tags |
|---|---|
| https://twitter.com/hack3rsca/status/839599437907386368 | x_refsource_MISC |
| http://www.securityfocus.com/bid/96720/info | vdb-entry, x_refsource_BID |
| https://twitter.com/Hfuhs/status/839252357221330944 | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/355151 | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| ACTi Corporation | ACTi D, B, I, and E series cameras | Affected: A1D-500-V6.11.31-AC | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ACTi D, B, I, and E series cameras",
"vendor": "ACTi Corporation",
"versions": [
{
"status": "affected",
"version": "A1D-500-V6.11.31-AC"
}
]
}
],
"datePublic": "2017-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser\u0027s history, referrers, web logs, and other sources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598: Information Exposure Through Query Strings in GET Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T13:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name": "ACTi Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser\u0027s history, referrers, web logs, and other sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-598: Information Exposure Through Query Strings in GET Request"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/hack3rsca/status/839599437907386368",
"refsource": "MISC",
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"name": "https://twitter.com/Hfuhs/status/839252357221330944",
"refsource": "MISC",
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/355151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3185",
"datePublished": "2017-12-15T14:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:16:28.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4583 (GCVE-0-2007-4583)
Vulnerability from cvelistv5 – Published: 2007-08-29 01:00 – Updated: 2024-08-07 15:01
- n/a
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36304 | vdb-entry, x_refsource_XF |
| https://www.exploit-db.com/exploits/4324 | exploit, x_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/26622 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36303 | vdb-entry, x_refsource_XF |
| https://www.exploit-db.com/exploits/4323 | exploit, x_refsource_EXPLOIT-DB |
| http://osvdb.org/38387 | vdb-entry, x_refsource_OSVDB |
| http://osvdb.org/38386 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/25465 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2007/2993 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "actinvr-savexmlfile-file-overwrite(36304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36304"
},
{
"name": "4324",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4324"
},
{
"name": "26622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26622"
},
{
"name": "actinvr-deletexmlfile-file-overwrite(36303)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36303"
},
{
"name": "4323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4323"
},
{
"name": "38387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38387"
},
{
"name": "38386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38386"
},
{
"name": "25465",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25465"
},
{
"name": "ADV-2007-2993",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "actinvr-savexmlfile-file-overwrite(36304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36304"
},
{
"name": "4324",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4324"
},
{
"name": "26622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26622"
},
{
"name": "actinvr-deletexmlfile-file-overwrite(36303)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36303"
},
{
"name": "4323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4323"
},
{
"name": "38387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38387"
},
{
"name": "38386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38386"
},
{
"name": "25465",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25465"
},
{
"name": "ADV-2007-2993",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "actinvr-savexmlfile-file-overwrite(36304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36304"
},
{
"name": "4324",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4324"
},
{
"name": "26622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26622"
},
{
"name": "actinvr-deletexmlfile-file-overwrite(36303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36303"
},
{
"name": "4323",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4323"
},
{
"name": "38387",
"refsource": "OSVDB",
"url": "http://osvdb.org/38387"
},
{
"name": "38386",
"refsource": "OSVDB",
"url": "http://osvdb.org/38386"
},
{
"name": "25465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25465"
},
{
"name": "ADV-2007-2993",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4583",
"datePublished": "2007-08-29T01:00:00.000Z",
"dateReserved": "2007-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4582 (GCVE-0-2007-4582)
Vulnerability from cvelistv5 – Published: 2007-08-29 01:00 – Updated: 2024-08-07 15:01
- n/a
| URL | Tags |
|---|---|
| http://osvdb.org/38441 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36305 | vdb-entry, x_refsource_XF |
| https://www.exploit-db.com/exploits/4322 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/25465 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38441",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38441"
},
{
"name": "nvr-nvunifiedcontrol-bo(36305)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36305"
},
{
"name": "4322",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4322"
},
{
"name": "25465",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38441",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38441"
},
{
"name": "nvr-nvunifiedcontrol-bo(36305)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36305"
},
{
"name": "4322",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4322"
},
{
"name": "25465",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38441",
"refsource": "OSVDB",
"url": "http://osvdb.org/38441"
},
{
"name": "nvr-nvunifiedcontrol-bo(36305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36305"
},
{
"name": "4322",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4322"
},
{
"name": "25465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4582",
"datePublished": "2007-08-29T01:00:00.000Z",
"dateReserved": "2007-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15956 (GCVE-0-2020-15956)
Vulnerability from nvd – Published: 2020-08-04 19:03 – Updated: 2024-08-04 13:30
- n/a
| URL | Tags |
|---|---|
| https://www2.acti.com/nvr3 | x_refsource_MISC |
| https://github.com/megamagnus/cve-2020-15956 | x_refsource_MISC |
| http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:23.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www2.acti.com/nvr3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/megamagnus/cve-2020-15956"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-06T18:06:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www2.acti.com/nvr3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/megamagnus/cve-2020-15956"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www2.acti.com/nvr3",
"refsource": "MISC",
"url": "https://www2.acti.com/nvr3"
},
{
"name": "https://github.com/megamagnus/cve-2020-15956",
"refsource": "MISC",
"url": "https://github.com/megamagnus/cve-2020-15956"
},
{
"name": "http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15956",
"datePublished": "2020-08-04T19:03:35.000Z",
"dateReserved": "2020-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:30:23.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3186 (GCVE-0-2017-3186)
Vulnerability from nvd – Published: 2017-12-15 14:00 – Updated: 2024-08-05 14:16
- CWE-521 - Weak Password Requirements
| URL | Tags |
|---|---|
| https://twitter.com/hack3rsca/status/839599437907386368 | x_refsource_MISC |
| http://www.securityfocus.com/bid/96720/info | vdb-entry, x_refsource_BID |
| https://twitter.com/Hfuhs/status/839252357221330944 | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/355151 | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| ACTi Corporation | ACTi D, B, I, and E series cameras | Affected: A1D-500-V6.11.31-AC | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ACTi D, B, I, and E series cameras",
"vendor": "ACTi Corporation",
"versions": [
{
"status": "affected",
"version": "A1D-500-V6.11.31-AC"
}
]
}
],
"datePublic": "2017-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521: Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T13:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name": "ACTi Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521: Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/hack3rsca/status/839599437907386368",
"refsource": "MISC",
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"name": "https://twitter.com/Hfuhs/status/839252357221330944",
"refsource": "MISC",
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/355151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3186",
"datePublished": "2017-12-15T14:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:16:28.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3185 (GCVE-0-2017-3185)
Vulnerability from nvd – Published: 2017-12-15 14:00 – Updated: 2024-08-05 14:16
- CWE-598 - Information Exposure Through Query Strings in GET Request
| URL | Tags |
|---|---|
| https://twitter.com/hack3rsca/status/839599437907386368 | x_refsource_MISC |
| http://www.securityfocus.com/bid/96720/info | vdb-entry, x_refsource_BID |
| https://twitter.com/Hfuhs/status/839252357221330944 | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/355151 | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| ACTi Corporation | ACTi D, B, I, and E series cameras | Affected: A1D-500-V6.11.31-AC | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ACTi D, B, I, and E series cameras",
"vendor": "ACTi Corporation",
"versions": [
{
"status": "affected",
"version": "A1D-500-V6.11.31-AC"
}
]
}
],
"datePublic": "2017-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser\u0027s history, referrers, web logs, and other sources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598: Information Exposure Through Query Strings in GET Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T13:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name": "ACTi Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser\u0027s history, referrers, web logs, and other sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-598: Information Exposure Through Query Strings in GET Request"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/hack3rsca/status/839599437907386368",
"refsource": "MISC",
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"name": "https://twitter.com/Hfuhs/status/839252357221330944",
"refsource": "MISC",
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/355151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3185",
"datePublished": "2017-12-15T14:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:16:28.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3184 (GCVE-0-2017-3184)
Vulnerability from nvd – Published: 2017-12-15 14:00 – Updated: 2024-08-05 14:16
- CWE-306 - Missing Authentication for Critical Function
| URL | Tags |
|---|---|
| https://twitter.com/hack3rsca/status/839599437907386368 | x_refsource_MISC |
| http://www.securityfocus.com/bid/96720/info | vdb-entry, x_refsource_BID |
| https://twitter.com/Hfuhs/status/839252357221330944 | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/355151 | third-party-advisory, x_refsource_CERT-VN |
| Vendor | Product | Version |
|---|---|---|
| ACTi Corporation | ACTi D, B, I, and E series cameras | Affected: A1D-500-V6.11.31-AC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ACTi D, B, I, and E series cameras",
"vendor": "ACTi Corporation",
"versions": [
{
"status": "affected",
"version": "A1D-500-V6.11.31-AC"
}
]
}
],
"datePublic": "2017-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T13:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/355151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name": "ACTi Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/hack3rsca/status/839599437907386368",
"refsource": "MISC",
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"name": "https://twitter.com/Hfuhs/status/839252357221330944",
"refsource": "MISC",
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/355151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3184",
"datePublished": "2017-12-15T14:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:16:28.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4583 (GCVE-0-2007-4583)
Vulnerability from nvd – Published: 2007-08-29 01:00 – Updated: 2024-08-07 15:01
- n/a
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36304 | vdb-entry, x_refsource_XF |
| https://www.exploit-db.com/exploits/4324 | exploit, x_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/26622 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36303 | vdb-entry, x_refsource_XF |
| https://www.exploit-db.com/exploits/4323 | exploit, x_refsource_EXPLOIT-DB |
| http://osvdb.org/38387 | vdb-entry, x_refsource_OSVDB |
| http://osvdb.org/38386 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/25465 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2007/2993 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "actinvr-savexmlfile-file-overwrite(36304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36304"
},
{
"name": "4324",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4324"
},
{
"name": "26622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26622"
},
{
"name": "actinvr-deletexmlfile-file-overwrite(36303)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36303"
},
{
"name": "4323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4323"
},
{
"name": "38387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38387"
},
{
"name": "38386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38386"
},
{
"name": "25465",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25465"
},
{
"name": "ADV-2007-2993",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "actinvr-savexmlfile-file-overwrite(36304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36304"
},
{
"name": "4324",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4324"
},
{
"name": "26622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26622"
},
{
"name": "actinvr-deletexmlfile-file-overwrite(36303)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36303"
},
{
"name": "4323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4323"
},
{
"name": "38387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38387"
},
{
"name": "38386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38386"
},
{
"name": "25465",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25465"
},
{
"name": "ADV-2007-2993",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "actinvr-savexmlfile-file-overwrite(36304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36304"
},
{
"name": "4324",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4324"
},
{
"name": "26622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26622"
},
{
"name": "actinvr-deletexmlfile-file-overwrite(36303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36303"
},
{
"name": "4323",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4323"
},
{
"name": "38387",
"refsource": "OSVDB",
"url": "http://osvdb.org/38387"
},
{
"name": "38386",
"refsource": "OSVDB",
"url": "http://osvdb.org/38386"
},
{
"name": "25465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25465"
},
{
"name": "ADV-2007-2993",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4583",
"datePublished": "2007-08-29T01:00:00.000Z",
"dateReserved": "2007-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4582 (GCVE-0-2007-4582)
Vulnerability from nvd – Published: 2007-08-29 01:00 – Updated: 2024-08-07 15:01
- n/a
| URL | Tags |
|---|---|
| http://osvdb.org/38441 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36305 | vdb-entry, x_refsource_XF |
| https://www.exploit-db.com/exploits/4322 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/25465 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38441",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38441"
},
{
"name": "nvr-nvunifiedcontrol-bo(36305)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36305"
},
{
"name": "4322",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4322"
},
{
"name": "25465",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38441",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38441"
},
{
"name": "nvr-nvunifiedcontrol-bo(36305)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36305"
},
{
"name": "4322",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4322"
},
{
"name": "25465",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38441",
"refsource": "OSVDB",
"url": "http://osvdb.org/38441"
},
{
"name": "nvr-nvunifiedcontrol-bo(36305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36305"
},
{
"name": "4322",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4322"
},
{
"name": "25465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4582",
"datePublished": "2007-08-29T01:00:00.000Z",
"dateReserved": "2007-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}