Client-side enforcement vulnerability in Cohu 3960HD camera allows for option manipulation and code execution

Client-side enforcement vulnerability in Cohu 3960HD camera allows for option manipulation and code execution

CVE-2017-8864 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test.

Learn more about our Cis Benchmark Audit For Server Software.