CVE-2013-3690

Published Oct 1, 2013

Last updated 11 years ago

CVSS info 6.8

Overview

Description: Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:brickom:100ap_device_firmware:3.1.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61DF271C-7A04-49A1-B247-40F252D7C9C2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:brickom:fb-100ap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A458982-22F6-4637-87F3-C4AB9A08CEB9"
          },
          {
            "criteria": "cpe:2.3:h:brickom:md-100ap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A11EA2A-225D-4A48-B387-D47AE4967AA5"
          },
          {
            "criteria": "cpe:2.3:h:brickom:ob-100ae:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFDD3960-F8A0-493B-8C16-3A3A4192A0E3"
          },
          {
            "criteria": "cpe:2.3:h:brickom:osd-040e:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F24E61C0-A910-4A0E-9B6C-FFCE6792CF77"
          },
          {
            "criteria": "cpe:2.3:h:brickom:wcb-100ap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C61EFCAD-7876-4CB2-937B-565206C44C25"
          },
          {
            "criteria": "cpe:2.3:h:brickom:wfb-100ap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A2DBA19-9BE5-456D-AFF6-81767F7EDD2D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References