CVE-2013-3539
Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
Vulnerabilidad Cross-site request forgery (CSRF) en command/user.cgi de Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, y posiblemente otros modélos de cmámara permiten a atacantes remotos secuestrar la autenticación de administradores para peticiones de añadir usuario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-05-14 CVE Reserved
- 2013-06-12 First Exploit
- 2013-10-01 CVE Published
- 2024-09-16 CVE Updated
- 2024-10-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/38583 | 2013-06-12 | |
| http://seclists.org/fulldisclosure/2013/Jun/84 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ovislink Search vendor "Ovislink" | Airlive Wl2600cam Search vendor "Ovislink" for product "Airlive Wl2600cam" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Ch140 Search vendor "Sony" for product "Snc Ch140" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Ch180 Search vendor "Sony" for product "Snc Ch180" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Ch240 Search vendor "Sony" for product "Snc Ch240" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Ch280 Search vendor "Sony" for product "Snc Ch280" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Dh140 Search vendor "Sony" for product "Snc Dh140" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Dh140t Search vendor "Sony" for product "Snc Dh140t" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Dh180 Search vendor "Sony" for product "Snc Dh180" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Dh240 Search vendor "Sony" for product "Snc Dh240" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Dh240t Search vendor "Sony" for product "Snc Dh240t" | - | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Snc Dh280 Search vendor "Sony" for product "Snc Dh280" | - | - |
Affected
| ||||||