Vulnerability Note VU#355151
ACTi camera models from the D, B, I, and E series contain multiple security vulnerabilities
According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Other models may be affected.
CWE-306: Missing Authentication for Critical Function - CVE-2017-3184
A remote unauthenticated attacker may be able to perform a factory reset of the device, gain access to sensitive information such as user account name or password, or utilize a known default root admin credential across all devices.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|ACTi Corporation|Affected|20 Jan 2017|07 Mar 2017|
CVSS Metrics
Thanks to Mandar Jadhav of the Qualys Vulnerability Signature/Research Team for reporting these vulnerabilities.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2017-3184 CVE-2017-3185 CVE-2017-3186
- Date Public: 07 Mar 2017
- Date First Published: 07 Mar 2017
- Date Last Updated: 07 Mar 2017
- Document Revision: 23