CVE-2013-3313
First published: Thu Nov 21 2019(Updated: )
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Loftek Nexus 543 Firmware | ||
| Loftek Nexus 543 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2013-3313.
What is the severity of CVE-2013-3313?
The severity of CVE-2013-3313 is high (7.5).
How does CVE-2013-3313 affect Loftek Nexus 543 IP Camera firmware?
CVE-2013-3313 affects Loftek Nexus 543 IP Camera firmware by storing passwords in cleartext, allowing remote attackers to obtain sensitive information.
How can a remote attacker exploit CVE-2013-3313?
A remote attacker can exploit CVE-2013-3313 by sending an HTTP GET request to check_users.cgi to obtain cleartext passwords.
Are there any references for CVE-2013-3313?
Yes, you can find references for CVE-2013-3313 at the following links: [Link 1](http://www.securityfocus.com/bid/61971), [Link 2](http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera), [Link 3](https://www.exploit-db.com/exploits/27878).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- vendor/loftek
- canonical/loftek nexus 543 firmware
- canonical/loftek nexus 543