CVE-2013-3690

Published Oct 1, 2013

Last updated a month ago

CVSS info 6.8

Overview

Description: Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:brickcom:100ap_device_firmware:3.1.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C749291-D2A6-41CD-AF03-E0DAE0056FA0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:brickcom:fb-100ap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8793329F-0144-40FB-A2C5-AC5F8E3A2DAF"
          },
          {
            "criteria": "cpe:2.3:h:brickcom:md-100ap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7272E6B1-E94B-463E-843B-DCD5448718B5"
          },
          {
            "criteria": "cpe:2.3:h:brickcom:ob-100ae:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8DC5FA0-0BD5-41A3-8924-AC775728A763"
          },
          {
            "criteria": "cpe:2.3:h:brickcom:osd-040e:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BDD54A2-36B9-4A17-8C2D-A0CCB9CD5379"
          },
          {
            "criteria": "cpe:2.3:h:brickcom:wcb-100ap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A2CF165-23AA-4C7D-9D8F-3A225CAB3193"
          },
          {
            "criteria": "cpe:2.3:h:brickcom:wfb-100ap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9DD4683-503D-4F23-A9D3-531A04207E37"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References