CVE-2017-3186

CRITICAL

Acti Camera Firmware - Hard-coded Credentials

Title source: rule

Description

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.

References (4)

[Press/Media Coverage] https://twitter.com/hack3rsca/status/839599437907386368

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96720/info

[Press/Media Coverage] https://twitter.com/Hfuhs/status/839252357221330944

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/355151

Scores

CVSS v3 9.8

EPSS 0.0987

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-521 CWE-798

Status published

Products (2)

acti/camera_firmware a1d-500-v6.11.31-ac

ACTi Corporation/ACTi D, B, I, and E series cameras A1D-500-V6.11.31-AC

Published Dec 16, 2017

Tracked Since Feb 18, 2026