Acti : Security Vulnerabilities, CVEs, CVSS score >= 8

CVE-2017-3186

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.
Max CVSS
10.0
EPSS Score
1.01%
Published
2017-12-16
Updated
2019-10-09

CVE-2017-3185

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
Max CVSS
9.8
EPSS Score
0.57%
Published
2017-12-16
Updated
2019-10-09

CVE-2017-3184

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).
Max CVSS
10.0
EPSS Score
0.58%
Published
2017-12-16
Updated
2019-10-09
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close