CVE-2013-1598

Vivotek IP Cameras - Multiple Vulnerabilities

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.

Se presenta una vulnerabilidad de Inyección de Comandos en Vivotek PT7135 IP Cameras versiones 0300a y 0400a, por medio del parámetro system.ntp en el archivo binario farseer.out, lo que podría permitir a un usuario malicioso ejecutar código arbitrario.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-04 CVE Reserved
2013-04-29 CVE Published
2013-05-01 First Exploit
2024-08-06 CVE Updated
2024-09-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (6)

URL	Tag	Source
http://www.securityfocus.com/bid/59575	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/83946	Third Party Advisory
https://packetstormsecurity.com/files/cve/CVE-2013-1598	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/25139	2013-05-01
https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt	2024-08-06
https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities	2024-08-06

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vivotek Search vendor "Vivotek"	Pt7135 Firmware Search vendor "Vivotek" for product "Pt7135 Firmware"	0300a Search vendor "Vivotek" for product "Pt7135 Firmware" and version "0300a"	-	Affected	in	Vivotek Search vendor "Vivotek"	Pt7135 Search vendor "Vivotek" for product "Pt7135"	-	-	Safe
Vivotek Search vendor "Vivotek"	Pt7135 Firmware Search vendor "Vivotek" for product "Pt7135 Firmware"	0400a Search vendor "Vivotek" for product "Pt7135 Firmware" and version "0400a"	-	Affected	in	Vivotek Search vendor "Vivotek"	Pt7135 Search vendor "Vivotek" for product "Pt7135"	-	-	Safe