First published: Thu Nov 21 2019(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Loftek Nexus 543 Firmware | ||
Loftek Nexus 543 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-3312 is a vulnerability that allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords or firewall configuration in the Loftek Nexus 543 IP Camera.
CVE-2013-3312 has a severity rating of 8.8 (high).
CVE-2013-3312 affects the Loftek Nexus 543 IP Camera with the Loftek Nexus 543 Firmware version.
Remote attackers can exploit CVE-2013-3312 by sending requests to set_users.cgi endpoint to change passwords or firewall configuration without proper authentication.
Yes, you can find more information about CVE-2013-3312 at these references: http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera and https://www.exploit-db.com/exploits/27878