cvedb.io
CVE-2018-12666
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-10-19T22:29:00.257 · Last modified 2026-06-17T01:38:08.550

Summary

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.

Affected products

sv3c — h.264_poe_ip_camera_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when sv3c ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.