CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 4CVE-2013-1594 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1594
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. Se presenta una vulnerabilidad de divulgación de información por medio de una petición GET en Vivotek PT7135 IP Camera versiones 0300a y 0400a, debido a claves inalámbricas y credenciales de terceros almacenadas en texto sin cifrar. • https://www.exploit-db.com/exploits/25139 http://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59572 https://exchange.xforce.ibmcloud.com/vulnerabilities/83943 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1594 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 13%CPEs: 3EXPL: 3CVE-2013-1596 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1596
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. Se presenta una Vulnerabilidad de Omisión de Autenticación en Vivotek PT7135 IP Camera versiones 0300a y 0400a, por medio de paquetes RTSP especialmente diseñados para el puerto TCP 554. • https://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59574 https://exchange.xforce.ibmcloud.com/vulnerabilities/83945 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1596 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 3%CPEs: 3EXPL: 3CVE-2013-1598 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1598
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code. Se presenta una vulnerabilidad de Inyección de Comandos en Vivotek PT7135 IP Cameras versiones 0300a y 0400a, por medio del parámetro system.ntp en el archivo binario farseer.out, lo que podría permitir a un usuario malicioso ejecutar código arbitrario. • https://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59575 https://exchange.xforce.ibmcloud.com/vulnerabilities/83946 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1598 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 7%CPEs: 3EXPL: 3CVE-2013-1595 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1595
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. Se presenta una vulnerabilidad de desbordamiento de búfer en Vivotek PT7135 IP Camera versiones 0300a y 0400a, por medio de un paquete especialmente diseñado en el campo de encabezado Authorization enviado al servicio RTSP, lo que podría permitir a un usuario malicioso remoto ejecutar un código arbitrario o causar una denegación de servicio. • https://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59573 https://exchange.xforce.ibmcloud.com/vulnerabilities/83944 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1595 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 2%CPEs: 3EXPL: 3CVE-2013-1597 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1597
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. Se presenta una vulnerabilidad de Salto de Directorio en Vivotek PT7135 IP Cameras versiones 0300a y 0400a, por medio de una petición GET especialmente diseñada, lo que podría permitir a un usuario malicioso obtener credenciales de usuario. • https://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59576 https://exchange.xforce.ibmcloud.com/vulnerabilities/83947 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1597 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •