Описание
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:sv3c:sv-b01poe-1080p-l:-:*:*:*:*:*:*:*
cpe:2.3:h:sv3c:sv-b11vpoe-1080p-l:-:*:*:*:*:*:*:*
cpe:2.3:h:sv3c:sv-d02poe-1080p-l:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170823b:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:sv3c:sv-b01poe-1080p-l:-:*:*:*:*:*:*:*
cpe:2.3:h:sv3c:sv-b11vpoe-1080p-l:-:*:*:*:*:*:*:*
cpe:2.3:h:sv3c:sv-d02poe-1080p-l:-:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01104
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.
EPSS
Процентиль: 78%
0.01104
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287