search menu icon-carat-right cmu-wordmark

CERT Coordination Center


ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities

Vulnerability Note VU#355151

Original Release Date: 2017-03-07 | Last Revised: 2017-03-07

Overview

According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues.

Description

According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Other models may be affected.

CWE-306: Missing Authentication for Critical Function - CVE-2017-3184

The issue is due to the device failing to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).

CWE-598: Information Exposure Through Query Strings in GET Request - CVE-2017-3185

The web application uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.

CWE-521: Weak Password Requirements - CVE-2017-3186

Device uses non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.

For more information, please read the researcher's security advisory.

Impact

A remote unauthenticated attacker may be able to perform a factory reset of the device, gain access to sensitive information such as user account name or password, or utilize a known default root admin credential across all devices.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Vendor Information

355151
Expand all

ACTi Corporation

Notified:  January 20, 2017 Updated:  March 07, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 8.5 E:POC/RL:U/RC:UR
Environmental 6.4 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Mandar Jadhav of the Qualys Vulnerability Signature/Research Team for reporting these vulnerabilities.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2017-3184, CVE-2017-3185, CVE-2017-3186
Date Public: 2017-03-07
Date First Published: 2017-03-07
Date Last Updated: 2017-03-07 16:24 UTC
Document Revision: 23

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.