CVE-2013-1598: OS Command Injection
First published: Fri Jan 24 2020(Updated: )
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vivotek Pt7135 Firmware | =0300a | |
| Vivotek Pt7135 Firmware | =0400a | |
| Vivotek PT7135 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/59575
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83946
- https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt
- https://packetstormsecurity.com/files/cve/CVE-2013-1598
- https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities
Frequently Asked Questions
What is CVE-2013-1598?
CVE-2013-1598 is a Command Injection vulnerability that exists in Vivotek PT7135 IP Cameras 0300a and 0400a.
How does CVE-2013-1598 work?
CVE-2013-1598 allows a malicious user to execute arbitrary code by exploiting the system.ntp parameter to the farseer.out binary file.
What is the severity of CVE-2013-1598?
CVE-2013-1598 has a severity rating of 8.8 (critical).
Which software versions are affected by CVE-2013-1598?
Vivotek PT7135 IP Cameras with firmware versions 0300a and 0400a are affected.
How can CVE-2013-1598 be mitigated?
To mitigate CVE-2013-1598, users should update to a patched firmware version provided by Vivotek.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- vendor/vivotek
- canonical/vivotek pt7135 firmware
- version/vivotek pt7135 firmware/0300a
- version/vivotek pt7135 firmware/0400a
- canonical/vivotek pt7135