Skip to content
Critical Published: Nov 22, 2017 Modified: Apr 20, 2025

CVE-2017-8864

9.8 CVSS Score Critical
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Export CVE-2017-8864 Data:
Share:
Link copied!

Description

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Affected Software Configurations

  • o cohuhd 3960hd_firmware - * * * * * * *
  • h cohuhd 3960hd - * * * * * * *

Weaknesses (CWE)

  • CWE-693

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2016-0772 CVSS 0 Same weakness: CWE-693 CVE-2018-6794 CVSS 0 Same weakness: CWE-693 CVE-2018-0138 CVSS 0 Same weakness: CWE-693 CVE-2018-0243 CVSS 0 Same weakness: CWE-693 CVE-2018-0244 CVSS 0 Same weakness: CWE-693

CVE History Timeline

Dec 12, 2017 15:54 Initial Analysis
May 14, 2024 04:47 CVE Modified
Nov 21, 2024 03:34 CVE Modified
← Back to CVE Tracker