id: CVE-2018-12675 info: name: SV3C HD Camera L Series - Open Redirect author: 0x_Akoko severity: medium description: | SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. remediation: | Apply the latest firmware update provided by the vendor to fix the open redirect vulnerability. reference: - https://bishopfox.com/blog/sv3c-l-series-hd-camera-advisory - https://vuldb.com/?id.125799 - https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2018-12675 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-12675 cwe-id: CWE-601 epss-score: 0.00118 epss-percentile: 0.45673 cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: sv3c product: h.264_poe_ip_camera_firmware tags: cve,cve2018,redirect,sv3c,camera,iot http: - method: GET path: - '{{BaseURL}}/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Finteract.sh' matchers: - type: word part: body words: - '' # digest: 4a0a0047304502205e1dcc3bcb788b57d00b95eb3174aa7f564366ed23d50afb4792311dbf6ee9140221008de269f0d3fa806a449581c595af06c444f9517402f741709a609f9e41f88118:922c64590222798bb761d5b6d8e72950