CVE-2013-3312: CSRF
First published: Thu Nov 21 2019(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Loftek Nexus 543 Firmware | ||
| Loftek Nexus 543 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2013-3312?
CVE-2013-3312 is a vulnerability that allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords or firewall configuration in the Loftek Nexus 543 IP Camera.
How severe is CVE-2013-3312?
CVE-2013-3312 has a severity rating of 8.8 (high).
What is affected by CVE-2013-3312?
CVE-2013-3312 affects the Loftek Nexus 543 IP Camera with the Loftek Nexus 543 Firmware version.
How can the authentication hijacking be exploited in CVE-2013-3312?
Remote attackers can exploit CVE-2013-3312 by sending requests to set_users.cgi endpoint to change passwords or firewall configuration without proper authentication.
Are there any references or additional information available for CVE-2013-3312?
Yes, you can find more information about CVE-2013-3312 at these references: http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera and https://www.exploit-db.com/exploits/27878
- collector/nvd-index
- vendor/loftek
- canonical/loftek nexus 543 firmware
- canonical/loftek nexus 543