First published: Thu Nov 21 2019(Updated: )
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Loftek Nexus 543 Firmware | ||
Loftek Nexus 543 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2013-3313.
The severity of CVE-2013-3313 is high (7.5).
CVE-2013-3313 affects Loftek Nexus 543 IP Camera firmware by storing passwords in cleartext, allowing remote attackers to obtain sensitive information.
A remote attacker can exploit CVE-2013-3313 by sending an HTTP GET request to check_users.cgi to obtain cleartext passwords.
Yes, you can find references for CVE-2013-3313 at the following links: [Link 1](http://www.securityfocus.com/bid/61971), [Link 2](http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera), [Link 3](https://www.exploit-db.com/exploits/27878).