CVE-2013-3313

Published: Nov 21, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.

Affected (1)

Products: Loftek: Nexus 543 Firmware

1 product

Nexus 543 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Loftek Nexus 543 Firmware	All versions

Running on/with	Platform Versions
Loftek Nexus 543	All versions

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

http://www.securityfocus.com/bid/61971

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera

Source: cve@mitre.org

Exploit

https://www.exploit-db.com/exploits/27878

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/61971

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://www.exploit-db.com/exploits/27878

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.