Details of VAR-201810-0957

ID

VAR-201810-0957

CVE

CVE-2018-12667

TITLE

SV3C HD CAMERA Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013897

DESCRIPTION

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configuration. The vulnerability affects all versions. SV3C HD CAMERA Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SV3C L-SERIES HD CAMERA is a network camera product of China SV3C Technology Company. There are authorization issue vulnerabilities in SV3C L-SERIES HD CAMERA 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B versions

Trust: 1.71

sources: NVD: CVE-2018-12667 // JVNDB: JVNDB-2018-013897 // VULHUB: VHN-122649

IOT TAXONOMY

category:

['camera device']

sub_category:

IP camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	sv3c	model:	h.264 poe ip camera	scope:	eq	version:	v2.3.4.2103-s50-ntd-b20170508b	Trust: 1.0
vendor:	sv3c	model:	h.264 poe ip camera	scope:	eq	version:	v2.3.4.2103-s50-ntd-b20170823b	Trust: 1.0
vendor:	sv3c	model:	h.264 poe ip camera	scope:	eq	version:	2.3.4.2103-s50-ntd-b20170508b	Trust: 0.8
vendor:	sv3c	model:	h.264 poe ip camera	scope:	eq	version:	2.3.4.2103-s50-ntd-b20170823b	Trust: 0.8

sources: JVNDB: JVNDB-2018-013897 // NVD: CVE-2018-12667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12667
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-12667
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201810-1083
value:	HIGH
Trust: 0.6
VULHUB:	VHN-122649
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-12667
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-122649
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12667
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-122649 // JVNDB: JVNDB-2018-013897 // CNNVD: CNNVD-201810-1083 // NVD: CVE-2018-12667

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-122649 // JVNDB: JVNDB-2018-013897 // NVD: CVE-2018-12667

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1083

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201810-1083

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013897

PATCH

title:

Top Page

url:

http://www.sv3c.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013897

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12667	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-013897	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1083	Trust: 0.7
db:	VULDB	id:	125791	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-122649	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-122649 // JVNDB: JVNDB-2018-013897 // CNNVD: CNNVD-201810-1083 // NVD: CVE-2018-12667

REFERENCES

url:	https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/	Trust: 2.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12667	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12667	Trust: 0.8
url:	https://vuldb.com/?id.125791	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-122649 // JVNDB: JVNDB-2018-013897 // CNNVD: CNNVD-201810-1083 // NVD: CVE-2018-12667

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-122649
db:	JVNDB	id:	JVNDB-2018-013897
db:	CNNVD	id:	CNNVD-201810-1083
db:	NVD	id:	CVE-2018-12667

LAST UPDATE DATE

2025-01-30T20:26:16.282000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-122649	date:	2019-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-013897	date:	2019-03-06T00:00:00
db:	CNNVD	id:	CNNVD-201810-1083	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2018-12667	date:	2024-11-21T03:45:38.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-122649	date:	2018-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2018-013897	date:	2019-03-06T00:00:00
db:	CNNVD	id:	CNNVD-201810-1083	date:	2018-10-22T00:00:00
db:	NVD	id:	CVE-2018-12667	date:	2018-10-19T22:29:00.367