Описание
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:sv3c:sv-b01poe-1080p-l:-:*:*:*:*:*:*:*
cpe:2.3:h:sv3c:sv-b11vpoe-1080p-l:-:*:*:*:*:*:*:*
cpe:2.3:h:sv3c:sv-d02poe-1080p-l:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170823b:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:sv3c:sv-b01poe-1080p-l:-:*:*:*:*:*:*:*
cpe:2.3:h:sv3c:sv-b11vpoe-1080p-l:-:*:*:*:*:*:*:*
cpe:2.3:h:sv3c:sv-d02poe-1080p-l:-:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08842
Низкий
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.
EPSS
Процентиль: 92%
0.08842
Низкий
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601