Description
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
References
- Third Party Advisory, VDB Entry
- Press/Media Coverage, Third Party Advisory
- Press/Media Coverage, Third Party Advisory
- Third Party Advisory, US Government Resource
- Third Party Advisory, VDB Entry
- Press/Media Coverage, Third Party Advisory
- Press/Media Coverage, Third Party Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1
cpe:2.3:o:acti:camera_firmware:a1d-500-v6.11.31-ac:*:*:*:*:*:*:*
EPSS
Percentile: 82%
0.01712
Low
CVSS3: 9.8 Critical
CVSS2: 5 Medium
Weaknesses
CWE-598
CWE-200
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.