← back
CVE-2018-12675

CVE-2018-12675

EPSS 3.1%
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 3.1%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
19 Oct 2018Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.
Affected products
n/a · n/a