CVE-2018-12666
CRITICALSV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B - Auth Bypass
Title source: llmDescription
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/
Scores
CVSS v3
9.8
EPSS
0.0182
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
sv3c/h.264_poe_ip_camera_firmware
v2.3.4.2103-s50-ntd-b20170508b
sv3c/h.264_poe_ip_camera_firmware
v2.3.4.2103-s50-ntd-b20170823b
Published
Oct 19, 2018
Tracked Since
Feb 18, 2026