FKIE_CVE-2013-3539

Vulnerability from fkie_nvd - Published: 2013-10-01 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
References
cve@mitre.orghttp://seclists.org/fulldisclosure/2013/Jun/84Exploit
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2013/Jun/84Exploit
Impacted products
Vendor Product Version
ovislink airlive_wl2600cam -
sony snc_ch140 -
sony snc_ch180 -
sony snc_ch240 -
sony snc_ch280 -
sony snc_dh140 -
sony snc_dh140t -
sony snc_dh180 -
sony snc_dh240 -
sony snc_dh240t -
sony snc_dh280 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ovislink:airlive_wl2600cam:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "047A5975-DB64-4A14-95E2-DE4C8767380C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_ch140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F7EE6A1-1C2D-46AB-A2E5-BA337FEE5944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_ch180:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "886547A6-964B-4317-B87E-41E4A21E00F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_ch240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95967F17-022B-46AC-A9EA-F28029349B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_ch280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D71CFC6B-07C7-42A4-A670-04E9BC2C7823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "25DA6E7C-4FCE-4E3C-A8E9-9CE8F95382D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh140t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A32A946-AABA-4ED4-8937-D3529EA238D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh180:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BBE3056-8EC1-48E9-876E-5C08D545D1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F047FD-AA62-4B4E-B1F9-1572024FE115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh240t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA03E7A7-30C7-4260-9DAE-01356A162654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sony:snc_dh280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6859F4-615A-4623-A592-EACE0E4FE1CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-site request forgery (CSRF) en command/user.cgi de Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, y posiblemente otros mod\u00e9los de cm\u00e1mara permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones de a\u00f1adir usuario."
    }
  ],
  "id": "CVE-2013-3539",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-10-01T19:55:03.507",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Jun/84"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.