First published: Tue Jan 28 2020(Updated: )
An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dcs-3411 Firmware | =1.02 | |
Dlink Dcs-3411 | ||
Dlink Dcs-3430 Firmware | =1.02 | |
Dlink Dcs-3430 | ||
Dlink Dcs-5605 Firmware | =1.01 | |
Dlink Dcs-5605 | ||
Dlink Dcs-5635 Firmware | =1.01 | |
Dlink Dcs-5635 | ||
Dlink Dcs-1100l Firmware | =1.04 | |
Dlink Dcs-1100l | ||
Dlink Dcs-1130l Firmware | =1.04 | |
Dlink Dcs-1130l | ||
Dlink Dcs-1100 Firmware | =1.03 | |
Dlink Dcs-1100 Firmware | =1.04 | |
Dlink Dcs-1100 | ||
Dlink Dcs-1130 Firmware | =1.03 | |
Dlink Dcs-1130 Firmware | =1.04 | |
Dlink Dcs-1130 | ||
Dlink Dcs-2102 Firmware | =1.05 | |
Dlink Dcs-2102 Firmware | =1.06 | |
Dlink Dcs-2102 | ||
Dlink Dcs-2121 Firmware | =1.05 | |
Dlink Dcs-2121 Firmware | =1.06 | |
Dlink Dcs-2121 | ||
Dlink Dcs-3410 Firmware | =1.02 | |
Dlink Dcs-3410 | ||
Dlink Dcs-5230 Firmware | =1.02 | |
Dlink Dcs-5230 | ||
Dlink Dcs-5230l Firmware | =1.02 | |
Dlink Dcs-5230l | ||
Dlink Dcs-6410 Firmware | =1.00 | |
Dlink Dcs-6410 | ||
Dlink Dcs-7410 Firmware | =1.00 | |
Dlink Dcs-7410 | ||
Dlink Dcs-7510 Firmware | =1.00 | |
Dlink Dcs-7510 | ||
Dlink Wcs-1100 Firmware | =1.00 | |
Dlink Wcs-1100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-1602 is an Information Disclosure vulnerability in D-Link DCS-5635, DCS-1100L, DCS-1130L, DCS-1100, DCS-1130, DCS-2102, DCS-2121, and other models.
CVE-2013-1602 has a severity rating of 7.5 (High).
CVE-2013-1602 allows attackers to gain sensitive information by exploiting insufficient authentication cookie validation in the RTSP session.
D-Link DCS-5635, DCS-1100L, DCS-1130L, DCS-1100, DCS-1130, DCS-2102, DCS-2121, and other models are affected by CVE-2013-1602.
To fix CVE-2013-1602, update to the latest firmware version provided by D-Link.