Test ID:	1.3.6.1.4.1.25623.1.0.106649
Category:	Web application abuses
Title:	ACTi Cameras Multiple Vulnerabilities
Summary:	ACTi Cameras are prone to multiple vulnerabilities.
Description:	Summary: ACTi Cameras are prone to multiple vulnerabilities. Vulnerability Insight: ACTi Cameras are prone to multiple vulnerabilities: - Missing authentication for the factory reset page. (CVE-2017-3184) - The web application uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. (CVE-2017-3185) - Device uses non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. (CVE-2017-3186) Affected Software/OS: ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3184 BugTraq ID: 96720 http://www.securityfocus.com/bid/96720/info CERT/CC vulnerability note: VU#355151 https://www.kb.cert.org/vuls/id/355151 https://twitter.com/Hfuhs/status/839252357221330944 https://twitter.com/hack3rsca/status/839599437907386368 Common Vulnerability Exposure (CVE) ID: CVE-2017-3185 Common Vulnerability Exposure (CVE) ID: CVE-2017-3186
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.