cvelistv5 - CVE-2013-3539

CVE-2013-3539 (GCVE-0-2013-3539)

Vulnerability from cvelistv5 – Published: 2013-10-01 19:00 – Updated: 2024-09-16 16:54

Summary

Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

http://seclists.org/fulldisclosure/2013/Jun/84

mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:56.393Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130612 Security Analysis of IP video surveillance cameras",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-01T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20130612 Security Analysis of IP video surveillance cameras",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3539",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130612 Security Analysis of IP video surveillance cameras",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3539",
    "datePublished": "2013-10-01T19:00:00Z",
    "dateReserved": "2013-05-14T00:00:00Z",
    "dateUpdated": "2024-09-16T16:54:12.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ovislink:airlive_wl2600cam:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"047A5975-DB64-4A14-95E2-DE4C8767380C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_ch140:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F7EE6A1-1C2D-46AB-A2E5-BA337FEE5944\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_ch180:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"886547A6-964B-4317-B87E-41E4A21E00F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_ch240:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95967F17-022B-46AC-A9EA-F28029349B2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_ch280:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D71CFC6B-07C7-42A4-A670-04E9BC2C7823\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_dh140:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25DA6E7C-4FCE-4E3C-A8E9-9CE8F95382D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_dh140t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A32A946-AABA-4ED4-8937-D3529EA238D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_dh180:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BBE3056-8EC1-48E9-876E-5C08D545D1E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_dh240:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85F047FD-AA62-4B4E-B1F9-1572024FE115\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_dh240t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA03E7A7-30C7-4260-9DAE-01356A162654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:sony:snc_dh280:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD6859F4-615A-4623-A592-EACE0E4FE1CB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad Cross-site request forgery (CSRF) en command/user.cgi de Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, y posiblemente otros mod\\u00e9los de cm\\u00e1mara permiten a atacantes remotos secuestrar la autenticaci\\u00f3n de administradores para peticiones de a\\u00f1adir usuario.\"}]",
      "id": "CVE-2013-3539",
      "lastModified": "2024-11-21T01:53:51.143",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2013-10-01T19:55:03.507",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2013/Jun/84\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2013/Jun/84\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-3539\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-10-01T19:55:03.507\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad Cross-site request forgery (CSRF) en command/user.cgi de Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, y posiblemente otros mod\u00e9los de cm\u00e1mara permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones de a\u00f1adir usuario.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ovislink:airlive_wl2600cam:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"047A5975-DB64-4A14-95E2-DE4C8767380C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_ch140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F7EE6A1-1C2D-46AB-A2E5-BA337FEE5944\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_ch180:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"886547A6-964B-4317-B87E-41E4A21E00F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_ch240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95967F17-022B-46AC-A9EA-F28029349B2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_ch280:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D71CFC6B-07C7-42A4-A670-04E9BC2C7823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_dh140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25DA6E7C-4FCE-4E3C-A8E9-9CE8F95382D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_dh140t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A32A946-AABA-4ED4-8937-D3529EA238D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_dh180:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BBE3056-8EC1-48E9-876E-5C08D545D1E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_dh240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85F047FD-AA62-4B4E-B1F9-1572024FE115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_dh240t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA03E7A7-30C7-4260-9DAE-01356A162654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sony:snc_dh280:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD6859F4-615A-4623-A592-EACE0E4FE1CB\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2013/Jun/84\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://seclists.org/fulldisclosure/2013/Jun/84\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

GHSA-C3JM-VWQ8-2RP9

Vulnerability from github – Published: 2022-05-17 05:03 – Updated: 2022-05-17 05:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-3539"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-10-01T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.",
  "id": "GHSA-c3jm-vwq8-2rp9",
  "modified": "2022-05-17T05:03:35Z",
  "published": "2022-05-17T05:03:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3539"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2013-3539

Vulnerability from fkie_nvd - Published: 2013-10-01 19:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://seclists.org/fulldisclosure/2013/Jun/84	Exploit
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2013/Jun/84	Exploit

Impacted products

Vendor	Product	Version
ovislink	airlive_wl2600cam	-
sony	snc_ch140	-
sony	snc_ch180	-
sony	snc_ch240	-
sony	snc_ch280	-
sony	snc_dh140	-
sony	snc_dh140t	-
sony	snc_dh180	-
sony	snc_dh240	-
sony	snc_dh240t	-
sony	snc_dh280	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ovislink:airlive_wl2600cam:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "047A5975-DB64-4A14-95E2-DE4C8767380C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_ch140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F7EE6A1-1C2D-46AB-A2E5-BA337FEE5944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_ch180:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "886547A6-964B-4317-B87E-41E4A21E00F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_ch240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95967F17-022B-46AC-A9EA-F28029349B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_ch280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D71CFC6B-07C7-42A4-A670-04E9BC2C7823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "25DA6E7C-4FCE-4E3C-A8E9-9CE8F95382D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh140t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A32A946-AABA-4ED4-8937-D3529EA238D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh180:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BBE3056-8EC1-48E9-876E-5C08D545D1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F047FD-AA62-4B4E-B1F9-1572024FE115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh240t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA03E7A7-30C7-4260-9DAE-01356A162654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6859F4-615A-4623-A592-EACE0E4FE1CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-site request forgery (CSRF) en command/user.cgi de Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, y posiblemente otros mod\u00e9los de cm\u00e1mara permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones de a\u00f1adir usuario."
    }
  ],
  "id": "CVE-2013-3539",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-10-01T19:55:03.507",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201310-0243

Vulnerability from variot - Updated: 2023-12-18 10:48

plural SONY Network camera products command/user.cgi Contains a cross-site request forgery vulnerability.A third party could hijack the administrator's authentication and add users. Sony CH/DH Series IP Cameras are IP camera devices developed by Sony Corporation. Allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions in the target user context, such as adding an administrator account. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0243",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "snc dh280",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "snc ch240",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "snc dh180",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "snc dh140t",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "snc ch280",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "snc ch140",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "snc dh240",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "airlive wl2600cam",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ovislink",
        "version": null
      },
      {
        "model": "snc dh140",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "snc dh240t",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "snc ch180",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "wl-2600cam",
        "scope": null,
        "trust": 0.8,
        "vendor": "ovislink",
        "version": null
      },
      {
        "model": "snc-ch140",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "snc-ch180",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "snc-ch240",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "snc-ch280",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "snc-dh140",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "snc-dh140t",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "snc-dh180",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "snc-dh240",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "snc-dh240t",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "snc-dh280",
        "scope": null,
        "trust": 0.8,
        "vendor": "sony business",
        "version": null
      },
      {
        "model": "ch/dh series",
        "scope": null,
        "trust": 0.6,
        "vendor": "sony",
        "version": null
      },
      {
        "model": "sncdh280",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      },
      {
        "model": "sncdh240t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      },
      {
        "model": "sncdh240",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      },
      {
        "model": "sncdh180",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      },
      {
        "model": "sncdh140t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      },
      {
        "model": "sncdh140",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      },
      {
        "model": "sncch280",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      },
      {
        "model": "sncch240",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      },
      {
        "model": "sncch180",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      },
      {
        "model": "sncch140",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sony",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      },
      {
        "db": "BID",
        "id": "60529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_ch280:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh140:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh140t:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh180:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_ch180:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh240t:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:ovislink:airlive_wl2600cam:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_ch140:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_ch240:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh240:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh280:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3539"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "JonAis Ropero Castillo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2013-3539",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2013-3539",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-07678",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-3539",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-07678",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201306-255",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural SONY Network camera products command/user.cgi Contains a cross-site request forgery vulnerability.A third party could hijack the administrator\u0027s authentication and add users. Sony CH/DH Series IP Cameras are IP camera devices developed by Sony Corporation. Allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions in the target user context, such as adding an administrator account. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      },
      {
        "db": "BID",
        "id": "60529"
      }
    ],
    "trust": 1.53
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-3539",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "60529",
        "trust": 1.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07678",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20130612 SECURITY ANALYSIS OF IP VIDEO SURVEILLANCE CAMERAS",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-255",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      },
      {
        "db": "BID",
        "id": "60529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ]
  },
  "id": "VAR-201310-0243",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      }
    ]
  },
  "last_update_date": "2023-12-18T10:48:39.045000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WL-2600CAM",
        "trust": 0.8,
        "url": "http://cz.airlive.com/product/wl-2600cam"
      },
      {
        "title": "\u30dc\u30c3\u30af\u30b9\u578b",
        "trust": 0.8,
        "url": "http://www.sony.jp/snc/lineup/series/box.html"
      },
      {
        "title": "\u30c9\u30fc\u30e0\u578b",
        "trust": 0.8,
        "url": "http://www.sony.jp/snc/lineup/series/dome.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3539"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://seclists.org/fulldisclosure/2013/jun/84"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3539"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3539"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/60529"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncch140/"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncch180/"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncch240/"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncch280/"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncdh140/"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncdh140t/"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncdh180/"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncdh240/"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncdh240t/"
      },
      {
        "trust": 0.3,
        "url": "http://pro.sony.com/bbsc/ssr/product-sncdh280/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      },
      {
        "db": "BID",
        "id": "60529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      },
      {
        "db": "BID",
        "id": "60529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      },
      {
        "date": "2013-06-12T00:00:00",
        "db": "BID",
        "id": "60529"
      },
      {
        "date": "2013-10-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      },
      {
        "date": "2013-10-01T19:55:03.507000",
        "db": "NVD",
        "id": "CVE-2013-3539"
      },
      {
        "date": "2013-06-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-07678"
      },
      {
        "date": "2013-06-12T00:00:00",
        "db": "BID",
        "id": "60529"
      },
      {
        "date": "2013-10-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      },
      {
        "date": "2013-10-02T19:26:03.280000",
        "db": "NVD",
        "id": "CVE-2013-3539"
      },
      {
        "date": "2013-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SONY Cross-site request forgery vulnerability in network camera products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004456"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-255"
      }
    ],
    "trust": 0.6
  }
}

GSD-2013-3539

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-3539

Aliases

CVE-2013-3539

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-3539",
    "description": "Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.",
    "id": "GSD-2013-3539"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-3539"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.",
      "id": "GSD-2013-3539",
      "modified": "2023-12-13T01:22:22.443727Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-3539",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130612 Security Analysis of IP video surveillance cameras",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_ch280:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh140:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh140t:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh180:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_ch180:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh240t:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:ovislink:airlive_wl2600cam:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_ch140:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_ch240:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh240:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:sony:snc_dh280:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3539"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130612 Security Analysis of IP video surveillance cameras",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2013-10-02T19:26Z",
      "publishedDate": "2013-10-01T19:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-3539 (GCVE-0-2013-3539)

GHSA-C3JM-VWQ8-2RP9

FKIE_CVE-2013-3539

VAR-201310-0243

GSD-2013-3539

Tags

Sightings

Nomenclature