Sign-up

ID

VAR-201810-0964


CVE

CVE-2018-12674


TITLE

SV3C HD Camera Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-013502

DESCRIPTION

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account. SV3CL-SERIESHDCAMERA is a network camera product of China SV3C Technology Corporation. A security vulnerability exists in the SV3CL-SERIESHDCAMERAV2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B versions, which are caused by the program passing sensitive information in clear text. There is a security vulnerability in SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B

Trust: 2.25

sources: NVD: CVE-2018-12674 // JVNDB: JVNDB-2018-013502 // CNVD: CNVD-2018-21516 // VULHUB: VHN-122657

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:IP camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-21516

AFFECTED PRODUCTS

vendor:sv3cmodel:h.264 poe ip camerascope:eqversion:v2.3.4.2103-s50-ntd-b20170823b

Trust: 1.6

vendor:sv3cmodel:h.264 poe ip camerascope:eqversion:v2.3.4.2103-s50-ntd-b20170508b

Trust: 1.6

vendor:sv3cmodel:h.264 poe ip camerascope:eqversion:2.3.4.2103-s50-ntd-b20170508b

Trust: 0.8

vendor:sv3cmodel:h.264 poe ip camerascope:eqversion:2.3.4.2103-s50-ntd-b20170823b

Trust: 0.8

vendor:sv3cmodel:l-series hd camera v2.3.4.2103-s50-ntd-b20170508bscope: - version: -

Trust: 0.6

vendor:sv3cmodel:l-series hd camera v2.3.4.2103-s50-ntd-b20170823bscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-21516 // JVNDB: JVNDB-2018-013502 // CNNVD: CNNVD-201810-1090 // NVD: CVE-2018-12674

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12674
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12674
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-21516
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-1090
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122657
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-12674
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-21516
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-122657
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12674
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-21516 // VULHUB: VHN-122657 // JVNDB: JVNDB-2018-013502 // CNNVD: CNNVD-201810-1090 // NVD: CVE-2018-12674

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-255

Trust: 0.8

sources: VULHUB: VHN-122657 // JVNDB: JVNDB-2018-013502 // NVD: CVE-2018-12674

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1090

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-1090

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013502

PATCH
title:H.264 POE IP Cameraurl:http://www.sv3c.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-013502

EXTERNAL IDS
db:NVDid:CVE-2018-12674
Trust: 3.2
db:JVNDBid:JVNDB-2018-013502
Trust: 0.8
db:CNNVDid:CNNVD-201810-1090
Trust: 0.7
db:VULDBid:125798
Trust: 0.6
db:CNVDid:CNVD-2018-21516
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-122657
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2018-21516 // 
            
            
            
            VULHUB: VHN-122657 // 
            
            
            
            JVNDB: JVNDB-2018-013502 // 
            
            
            
            CNNVD: CNNVD-201810-1090 // 
            
            
            
            NVD: CVE-2018-12674

REFERENCES
url:https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12674
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12674
Trust: 0.8
url:https://vuldb.com/?id.125798
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2018-21516 // 
            
            
            
            VULHUB: VHN-122657 // 
            
            
            
            JVNDB: JVNDB-2018-013502 // 
            
            
            
            CNNVD: CNNVD-201810-1090 // 
            
            
            
            NVD: CVE-2018-12674

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2018-21516
db:VULHUBid:VHN-122657
db:JVNDBid:JVNDB-2018-013502
db:CNNVDid:CNNVD-201810-1090
db:NVDid:CVE-2018-12674

LAST UPDATE DATE
2025-01-30T22:00:16.985000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-21516date:2018-10-23T00:00:00
db:VULHUBid:VHN-122657date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013502date:2019-02-21T00:00:00
db:CNNVDid:CNNVD-201810-1090date:2019-10-23T00:00:00
db:NVDid:CVE-2018-12674date:2024-11-21T03:45:39.403

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-21516date:2018-10-23T00:00:00
db:VULHUBid:VHN-122657date:2018-10-19T00:00:00
db:JVNDBid:JVNDB-2018-013502date:2019-02-21T00:00:00
db:CNNVDid:CNNVD-201810-1090date:2018-10-22T00:00:00
db:NVDid:CVE-2018-12674date:2018-10-19T22:29:01.023