CVE-2013-1602

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.

Ссылки

http://www.securityfocus.com/bid/59569
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/83942
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/cve/CVE-2013-1602
Third Party Advisory
VDB Entry
https://www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilities
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/59569
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/83942
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/cve/CVE-2013-1602
Third Party Advisory
VDB Entry
https://www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilities
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dcs-3411_firmware:1.02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-3411:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:dlink:dcs-3430_firmware:1.02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-3430:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:dlink:dcs-5605_firmware:1.01:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5605:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:dlink:dcs-5635_firmware:1.01:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5635:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:dlink:dcs-1100l_firmware:1.04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-1100l:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:dlink:dcs-1130l_firmware:1.04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-1130l:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

Одно из

cpe:2.3:o:dlink:dcs-1100_firmware:1.03:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dcs-1100_firmware:1.04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-1100:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

Одно из

cpe:2.3:o:dlink:dcs-1130_firmware:1.03:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dcs-1130_firmware:1.04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-1130:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

Одно из

cpe:2.3:o:dlink:dcs-2102_firmware:1.05:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dcs-2102_firmware:1.06:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-2102:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

Одно из

cpe:2.3:o:dlink:dcs-2121_firmware:1.05:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dcs-2121_firmware:1.06:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-2121:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:dlink:dcs-3410_firmware:1.02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-3410:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:dlink:dcs-5230_firmware:1.02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5230:-:*:*:*:*:*:*:*

Конфигурация 13

Одновременно

cpe:2.3:o:dlink:dcs-5230l_firmware:1.02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5230l:-:*:*:*:*:*:*:*

Конфигурация 14

Одновременно

cpe:2.3:o:dlink:dcs-6410_firmware:1.00:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-6410:-:*:*:*:*:*:*:*

Конфигурация 15

Одновременно

cpe:2.3:o:dlink:dcs-7410_firmware:1.00:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-7410:-:*:*:*:*:*:*:*

Конфигурация 16

Одновременно

cpe:2.3:o:dlink:dcs-7510_firmware:1.00:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-7510:-:*:*:*:*:*:*:*

Конфигурация 17

Одновременно

cpe:2.3:o:dlink:wcs-1100_firmware:1.00:*:*:*:*:*:*:*

cpe:2.3:h:dlink:wcs-1100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.48319

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-2hp5-8v8q-wx26

github

почти 4 года назад

EPSS

Процентиль: 98%

0.48319

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200