Sign-up

ID

VAR-201810-0956


CVE

CVE-2018-12666


TITLE

SV3C L-SERIES HD CAMERA Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013944

DESCRIPTION

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255. SV3C L-SERIES HD CAMERA The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SV3C L-SERIES HD CAMERA is a network camera product of China SV3C Technology Company. There is a security vulnerability in SV3C L-SERIES HD CAMERA version 2.3.4.2103-S50-NTD-B20170508B

Trust: 1.71

sources: NVD: CVE-2018-12666 // JVNDB: JVNDB-2018-013944 // VULHUB: VHN-122648

IOT TAXONOMY

category:['camera device']sub_category:IP camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:sv3cmodel:h.264 poe ip camerascope:eqversion:v2.3.4.2103-s50-ntd-b20170508b

Trust: 1.0

vendor:sv3cmodel:h.264 poe ip camerascope:eqversion:v2.3.4.2103-s50-ntd-b20170823b

Trust: 1.0

vendor:sv3cmodel:h.264 poe ip camerascope:eqversion:2.3.4.2103-s50-ntd-b20170508b

Trust: 0.8

sources: JVNDB: JVNDB-2018-013944 // NVD: CVE-2018-12666

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12666
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-12666
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201810-1082
value: HIGH

Trust: 0.6

VULHUB: VHN-122648
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12666
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122648
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12666
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122648 // JVNDB: JVNDB-2018-013944 // CNNVD: CNNVD-201810-1082 // NVD: CVE-2018-12666

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-122648 // JVNDB: JVNDB-2018-013944 // NVD: CVE-2018-12666

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1082

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201810-1082

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013944

PATCH
title:Top Pageurl:http://www.sv3c.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-013944

EXTERNAL IDS
db:NVDid:CVE-2018-12666
Trust: 2.6
db:JVNDBid:JVNDB-2018-013944
Trust: 0.8
db:CNNVDid:CNNVD-201810-1082
Trust: 0.7
db:VULDBid:125790
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-122648
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-122648 // 
            
            
            
            JVNDB: JVNDB-2018-013944 // 
            
            
            
            CNNVD: CNNVD-201810-1082 // 
            
            
            
            NVD: CVE-2018-12666

REFERENCES
url:https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12666
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12666
Trust: 0.8
url:https://vuldb.com/?id.125790
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-122648 // 
            
            
            
            JVNDB: JVNDB-2018-013944 // 
            
            
            
            CNNVD: CNNVD-201810-1082 // 
            
            
            
            NVD: CVE-2018-12666

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-122648
db:JVNDBid:JVNDB-2018-013944
db:CNNVDid:CNNVD-201810-1082
db:NVDid:CVE-2018-12666

LAST UPDATE DATE
2025-01-30T22:00:16.006000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122648date:2019-01-28T00:00:00
db:JVNDBid:JVNDB-2018-013944date:2019-03-06T00:00:00
db:CNNVDid:CNNVD-201810-1082date:2019-04-01T00:00:00
db:NVDid:CVE-2018-12666date:2024-11-21T03:45:38.117

SOURCES RELEASE DATE
db:VULHUBid:VHN-122648date:2018-10-19T00:00:00
db:JVNDBid:JVNDB-2018-013944date:2019-03-06T00:00:00
db:CNNVDid:CNNVD-201810-1082date:2018-10-22T00:00:00
db:NVDid:CVE-2018-12666date:2018-10-19T22:29:00.257