CVE-2017-3185 Vulnerability Details

  /     /     /  

CVE-2017-3185 Metadata Quick Info

CVE Published: 15/12/2017 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: certcc | Vendor: ACTi Corporation | Product: ACTi D, B, I, and E series cameras
Status : PUBLISHED

CVE-2017-3185 Description

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser\'s history, referrers, web logs, and other sources.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-598
CWE Name: CWE-598: Information Exposure Through Query Strings in GET Request
Source: ACTi Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).