{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T16:56:55.915","vulnerabilities":[{"cve":{"id":"CVE-2017-3185","sourceIdentifier":"cret@cert.org","published":"2017-12-16T02:29:10.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources."},{"lang":"es","value":"Las cámaras ACTi, incluidas las series D, B, I y E, que utilizan la versión de firmware A1D-500-V6.11.31-AC tienen una aplicación web que utiliza el método GET para procesar peticiones que contienen información sensible como el nombre de la cuenta y la contraseña del usuario, lo que puede exponer esa información mediante el historial del navegador, referers, logs web y otros orígenes."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cret@cert.org","type":"Secondary","description":[{"lang":"en","value":"CWE-598"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:acti:camera_firmware:a1d-500-v6.11.31-ac:*:*:*:*:*:*:*","matchCriteriaId":"C7A530FE-C83D-4CAA-9C23-8C9A8F96B34A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96720/info","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://twitter.com/Hfuhs/status/839252357221330944","source":"cret@cert.org","tags":["Press/Media Coverage","Third Party Advisory"]},{"url":"https://twitter.com/hack3rsca/status/839599437907386368","source":"cret@cert.org","tags":["Press/Media Coverage","Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/355151","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/96720/info","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://twitter.com/Hfuhs/status/839252357221330944","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage","Third Party Advisory"]},{"url":"https://twitter.com/hack3rsca/status/839599437907386368","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage","Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/355151","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}