CVE-2017-3185
CRITICALACTi D, B, I, and E series cameras >=A1D-500-V6.11.31-AC - Exposure of Sensitive Information via GET Requests
Title source: llmDescription
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
References (4)
Core 4
Core References
Press/Media Coverage, Third Party Advisory x_refsource_misc
https://twitter.com/hack3rsca/status/839599437907386368
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96720/info
Press/Media Coverage, Third Party Advisory x_refsource_misc
https://twitter.com/Hfuhs/status/839252357221330944
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/355151
Scores
CVSS v3
9.8
EPSS
0.0322
EPSS Percentile
86.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
CWE-598
Status
published
Products (2)
acti/camera_firmware
a1d-500-v6.11.31-ac
ACTi Corporation/ACTi D, B, I, and E series cameras
A1D-500-V6.11.31-AC
Published
Dec 16, 2017
Tracked Since
Feb 18, 2026