CVE-2013-3690

Published: Oct 1, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.

Affected (7)

Products: Brickcom: 100ap Device Firmware, Fb 100ap, Md 100ap, Ob 100ae, Osd 040e, Wcb 100ap, Wfb 100ap

Brickcom

7 products

100ap Device Firmware

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Brickcom 100ap Device Firmware	Version 3.1.0.8
Brickcom Fb 100ap	All versions
Brickcom Md 100ap	All versions
Brickcom Ob 100ae	All versions
Brickcom Osd 040e	All versions
Brickcom Wcb 100ap	All versions
Brickcom Wfb 100ap	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://seclists.org/fulldisclosure/2013/Jun/84

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2013/Jun/84

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.