10

CVE-2013-1599

Exploit

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.

Data is provided by the National Vulnerability Database (NVD)
DlinkDcs-3411 Firmware Version1.02
   DlinkDcs-3411 Version-
DlinkDcs-3430 Firmware Version1.02
   DlinkDcs-3430 Version-
DlinkDcs-5605 Firmware Version1.01
   DlinkDcs-5605 Version-
DlinkDcs-5635 Firmware Version1.01
   DlinkDcs-5635 Version-
DlinkDcs-1100l Firmware Version1.04
   DlinkDcs-1100l Version-
DlinkDcs-1130l Firmware Version1.04
   DlinkDcs-1130l Version-
DlinkDcs-1100 Firmware Version1.03
   DlinkDcs-1100 Version-
DlinkDcs-1100 Firmware Version1.04
   DlinkDcs-1100 Version-
DlinkDcs-1130 Firmware Version1.03
   DlinkDcs-1130 Version-
DlinkDcs-1130 Firmware Version1.04
   DlinkDcs-1130 Version-
DlinkDcs-2102 Firmware Version1.05
   DlinkDcs-2102 Version-
DlinkDcs-2121 Firmware Version1.05
   DlinkDcs-2121 Version-
DlinkDcs-3410 Firmware Version1.02
   DlinkDcs-3410 Version-
DlinkDcs-5230 Firmware Version1.02
   DlinkDcs-5230 Version-
DlinkDcs-5230l Firmware Version1.02
   DlinkDcs-5230l Version-
DlinkDcs-6410 Firmware Version1.00
   DlinkDcs-6410 Version-
DlinkDcs-7410 Firmware Version1.00
   DlinkDcs-7410 Version-
DlinkDcs-7510 Firmware Version1.00
   DlinkDcs-7510 Version-
DlinkWcs-1100 Firmware Version1.00
   DlinkWcs-1100 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 92.29% 0.997
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://www.exploit-db.com/exploits/25138
Third Party Advisory
Exploit
VDB Entry
http://www.securityfocus.com/bid/59564
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2013/Apr/253
Third Party Advisory
Exploit
Mailing List