CVE-2013-3540

Published Oct 4, 2013

Last updated 11 years ago

Overview

Description: Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ovislink:airlive_od-2025hd:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E9EB4F7-936E-4F14-80B9-229F487AE72A"
          },
          {
            "criteria": "cpe:2.3:h:ovislink:airlive_od-2060hd:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "900C1CF9-83BB-416F-9912-FEBDBBA50C45"
          },
          {
            "criteria": "cpe:2.3:h:ovislink:airlive_poe100hd:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "614196B2-B273-467E-8A54-AB2F656E331E"
          },
          {
            "criteria": "cpe:2.3:h:ovislink:airlive_poe200hd:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADD365E4-8F40-4806-BF8B-44C5F9E35398"
          },
          {
            "criteria": "cpe:2.3:h:ovislink:airlive_poe250hd:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "952713D2-C9EF-462B-8012-4CEB70BBA3F5"
          },
          {
            "criteria": "cpe:2.3:h:ovislink:airlive_poe2600hd:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EB96839-74C9-462F-ABF2-612D54624BC3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References