Sign-up

ID

VAR-201310-0243


CVE

CVE-2013-3539


TITLE

plural SONY Cross-site request forgery vulnerability in network camera products

Trust: 0.8

sources: JVNDB: JVNDB-2013-004456

DESCRIPTION

plural SONY Network camera products command/user.cgi Contains a cross-site request forgery vulnerability.A third party could hijack the administrator's authentication and add users. Sony CH/DH Series IP Cameras are IP camera devices developed by Sony Corporation. Allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions in the target user context, such as adding an administrator account. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks

Trust: 1.53

sources: JVNDB: JVNDB-2013-004456 // CNVD: CNVD-2013-07678 // BID: 60529

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-07678

AFFECTED PRODUCTS

vendor:sonymodel:snc dh280scope:eqversion: -

Trust: 1.6

vendor:sonymodel:snc ch280scope:eqversion: -

Trust: 1.0

vendor:sonymodel:snc dh140tscope:eqversion: -

Trust: 1.0

vendor:sonymodel:snc dh140scope:eqversion: -

Trust: 1.0

vendor:ovislinkmodel:airlive wl2600camscope:eqversion: -

Trust: 1.0

vendor:sonymodel:snc dh240tscope:eqversion: -

Trust: 1.0

vendor:sonymodel:snc ch140scope:eqversion: -

Trust: 1.0

vendor:sonymodel:snc dh180scope:eqversion: -

Trust: 1.0

vendor:sonymodel:snc ch240scope:eqversion: -

Trust: 1.0

vendor:sonymodel:snc ch180scope:eqversion: -

Trust: 1.0

vendor:sonymodel:snc dh240scope:eqversion: -

Trust: 1.0

vendor:ovislinkmodel:wl-2600camscope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-ch140scope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-ch180scope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-ch240scope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-ch280scope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-dh140scope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-dh140tscope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-dh180scope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-dh240scope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-dh240tscope: - version: -

Trust: 0.8

vendor:sony businessmodel:snc-dh280scope: - version: -

Trust: 0.8

vendor:sonymodel:ch/dh seriesscope: - version: -

Trust: 0.6

vendor:sonymodel:sncdh280scope:eqversion:0

Trust: 0.3

vendor:sonymodel:sncdh240tscope:eqversion:0

Trust: 0.3

vendor:sonymodel:sncdh240scope:eqversion:0

Trust: 0.3

vendor:sonymodel:sncdh180scope:eqversion:0

Trust: 0.3

vendor:sonymodel:sncdh140tscope:eqversion:0

Trust: 0.3

vendor:sonymodel:sncdh140scope:eqversion:0

Trust: 0.3

vendor:sonymodel:sncch280scope:eqversion:0

Trust: 0.3

vendor:sonymodel:sncch240scope:eqversion:0

Trust: 0.3

vendor:sonymodel:sncch180scope:eqversion:0

Trust: 0.3

vendor:sonymodel:sncch140scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-07678 // BID: 60529 // JVNDB: JVNDB-2013-004456 // CNNVD: CNNVD-201306-255 // NVD: CVE-2013-3539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3539
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3539
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-07678
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201306-255
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-3539
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-07678
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-07678 // JVNDB: JVNDB-2013-004456 // CNNVD: CNNVD-201306-255 // NVD: CVE-2013-3539

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2013-004456 // NVD: CVE-2013-3539

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-255

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201306-255

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004456

PATCH
title:WL-2600CAMurl:http://cz.airlive.com/product/WL-2600CAM
Trust: 0.8
title:ボックス型url:http://www.sony.jp/snc/lineup/series/box.html
Trust: 0.8
title:ドーム型url:http://www.sony.jp/snc/lineup/series/dome.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004456

EXTERNAL IDS
db:NVDid:CVE-2013-3539
Trust: 3.3
db:BIDid:60529
Trust: 1.5
db:JVNDBid:JVNDB-2013-004456
Trust: 0.8
db:CNVDid:CNVD-2013-07678
Trust: 0.6
db:FULLDISCid:20130612 SECURITY ANALYSIS OF IP VIDEO SURVEILLANCE CAMERAS
Trust: 0.6
db:CNNVDid:CNNVD-201306-255
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-07678 // 
            
            
            
            BID: 60529 // 
            
            
            
            JVNDB: JVNDB-2013-004456 // 
            
            
            
            CNNVD: CNNVD-201306-255 // 
            
            
            
            NVD: CVE-2013-3539

REFERENCES
url:http://seclists.org/fulldisclosure/2013/jun/84
Trust: 3.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3539
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3539
Trust: 0.8
url:http://www.securityfocus.com/bid/60529
Trust: 0.6
url:http://pro.sony.com/bbsc/ssr/product-sncch140/
Trust: 0.3
url:http://pro.sony.com/bbsc/ssr/product-sncch180/
Trust: 0.3
url:http://pro.sony.com/bbsc/ssr/product-sncch240/
Trust: 0.3
url:http://pro.sony.com/bbsc/ssr/product-sncch280/
Trust: 0.3
url:http://pro.sony.com/bbsc/ssr/product-sncdh140/
Trust: 0.3
url:http://pro.sony.com/bbsc/ssr/product-sncdh140t/
Trust: 0.3
url:http://pro.sony.com/bbsc/ssr/product-sncdh180/
Trust: 0.3
url:http://pro.sony.com/bbsc/ssr/product-sncdh240/
Trust: 0.3
url:http://pro.sony.com/bbsc/ssr/product-sncdh240t/
Trust: 0.3
url:http://pro.sony.com/bbsc/ssr/product-sncdh280/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-07678 // 
            
            
            
            BID: 60529 // 
            
            
            
            JVNDB: JVNDB-2013-004456 // 
            
            
            
            CNNVD: CNNVD-201306-255 // 
            
            
            
            NVD: CVE-2013-3539

CREDITS
JonAis Ropero Castillo
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201306-255

SOURCES
db:CNVDid:CNVD-2013-07678
db:BIDid:60529
db:JVNDBid:JVNDB-2013-004456
db:CNNVDid:CNNVD-201306-255
db:NVDid:CVE-2013-3539

LAST UPDATE DATE
2024-11-23T20:27:45.543000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-07678date:2013-06-20T00:00:00
db:BIDid:60529date:2013-06-12T00:00:00
db:JVNDBid:JVNDB-2013-004456date:2013-10-04T00:00:00
db:CNNVDid:CNNVD-201306-255date:2013-10-16T00:00:00
db:NVDid:CVE-2013-3539date:2024-11-21T01:53:51.143

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-07678date:2013-06-20T00:00:00
db:BIDid:60529date:2013-06-12T00:00:00
db:JVNDBid:JVNDB-2013-004456date:2013-10-04T00:00:00
db:CNNVDid:CNNVD-201306-255date:2013-06-20T00:00:00
db:NVDid:CVE-2013-3539date:2013-10-01T19:55:03.507