Sign-up

ID

VAR-201910-1336


CVE

CVE-2013-1391


TITLE

Multiple products web Authentication vulnerabilities in interfaces

Trust: 0.8

sources: JVNDB: JVNDB-2013-006882

DESCRIPTION

Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. Multiple products web There are authentication vulnerabilities in the interface.Information may be obtained. Hunt CCTV is a manufacturer that provides surveillance cameras and closed-circuit television. Multiple Hunt CCTV devices have security vulnerabilities that allow an attacker to submit a simple GET request without any authentication to get the entire backup configuration file. Multiple Hunt CCTV devices are prone to a remote information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks

Trust: 2.43

sources: NVD: CVE-2013-1391 // JVNDB: JVNDB-2013-006882 // CNVD: CNVD-2013-00647 // BID: 57579

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-00647

AFFECTED PRODUCTS

vendor:huntcctvmodel:dr6-708a4hscope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:dr6-7316a4hlscope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:dr6-7316a4hscope:eqversion: -

Trust: 1.0

vendor:capturecctvmodel:cdr 0820vdescope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:dr6-704a4hscope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:dvr-04ncscope:eqversion: -

Trust: 1.0

vendor:novuscctvmodel:nv-dvr1208scope:eqversion: -

Trust: 1.0

vendor:hachimodel:hv-08rd proscope:eqversion: -

Trust: 1.0

vendor:novuscctvmodel:nv-dvr1204scope:eqversion: -

Trust: 1.0

vendor:novuscctvmodel:nv-dvr1216scope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:hdr-04kdscope:eqversion: -

Trust: 1.0

vendor:capturecctvmodel:cdr 0410vescope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:dvr-04chscope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:dvr-08ncscope:eqversion: -

Trust: 1.0

vendor:hachimodel:hv-04rd proscope:eqversion: -

Trust: 1.0

vendor:vspmodel:tw-dvr604scope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:dvr-08chscope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:dvr-16chscope:eqversion: -

Trust: 1.0

vendor:vspmodel:tw-dvr616scope:eqversion: -

Trust: 1.0

vendor:huntcctvmodel:hdr-08kdscope:eqversion: -

Trust: 1.0

vendor:hunt electronicmodel:dr6-704a4hscope: - version: -

Trust: 0.8

vendor:hunt electronicmodel:dr6-708a4hscope: - version: -

Trust: 0.8

vendor:hunt electronicmodel:dr6-7316a4hscope: - version: -

Trust: 0.8

vendor:hunt electronicmodel:dr6-7316a4hlscope: - version: -

Trust: 0.8

vendor:hunt electronicmodel:dvr-04chscope: - version: -

Trust: 0.8

vendor:hunt electronicmodel:dvr-04ncscope: - version: -

Trust: 0.8

vendor:hunt electronicmodel:dvr-08chscope: - version: -

Trust: 0.8

vendor:hunt electronicmodel:dvr-08ncscope: - version: -

Trust: 0.8

vendor:hunt electronicmodel:dvr-16chscope: - version: -

Trust: 0.8

vendor:hunt electronicmodel:hdr-04kdscope: - version: -

Trust: 0.8

vendor:huntmodel:cctv dvr-04ncscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv dvr-08/dvr-08chscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv dvr-08ncscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv dvr-16/dvr-16chscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv cdr 0410vescope: - version: -

Trust: 0.6

vendor:huntmodel:cctv cdr 0820vdescope: - version: -

Trust: 0.6

vendor:huntmodel:cctv dr6-704a4hscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv dr6-708a4hscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv dr6-7316a4hscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv dr6-7316a4hlscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv hdr-04kdscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv hdr-08kdscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv hv-04rd proscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv hv-08rd proscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv nv-dvr1204scope: - version: -

Trust: 0.6

vendor:huntmodel:cctv nv-dvr1216scope: - version: -

Trust: 0.6

vendor:huntmodel:cctv tw-dvr604scope: - version: -

Trust: 0.6

vendor:huntmodel:cctv tw-dvr616scope: - version: -

Trust: 0.6

vendor:huntmodel:cctv dvr-04/dvr-04chscope: - version: -

Trust: 0.6

vendor:huntmodel:cctv nv-dvr1208scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2013-00647 // JVNDB: JVNDB-2013-006882 // NVD: CVE-2013-1391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1391
value: HIGH

Trust: 1.0

NVD: CVE-2013-1391
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201301-573
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2013-1391
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2013-1391
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2013-1391
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2013-006882 // CNNVD: CNNVD-201301-573 // NVD: CVE-2013-1391

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2013-006882 // NVD: CVE-2013-1391

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-573

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201301-573

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-006882

PATCH
title:Top Pageurl:https://huntcctv.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-006882

EXTERNAL IDS
db:NVDid:CVE-2013-1391
Trust: 3.3
db:BIDid:57579
Trust: 2.7
db:JVNDBid:JVNDB-2013-006882
Trust: 0.8
db:CNVDid:CNVD-2013-00647
Trust: 0.6
db:CNNVDid:CNNVD-201301-573
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-00647 // 
            
            
            
            BID: 57579 // 
            
            
            
            JVNDB: JVNDB-2013-006882 // 
            
            
            
            CNNVD: CNNVD-201301-573 // 
            
            
            
            NVD: CVE-2013-1391

REFERENCES
url:https://www.securityfocus.com/bid/57579/info
Trust: 2.4
url:https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure
Trust: 1.6
url:http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2013-1391
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1391
Trust: 0.8
url:http://seclists.org/fulldisclosure/2013/jan/246
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-00647 // 
            
            
            
            JVNDB: JVNDB-2013-006882 // 
            
            
            
            CNNVD: CNNVD-201301-573 // 
            
            
            
            NVD: CVE-2013-1391

CREDITS
Alejandro Ramos
Trust: 0.9
sources:
            
            
            BID: 57579 // 
            
            
            
            CNNVD: CNNVD-201301-573

SOURCES
db:CNVDid:CNVD-2013-00647
db:BIDid:57579
db:JVNDBid:JVNDB-2013-006882
db:CNNVDid:CNNVD-201301-573
db:NVDid:CVE-2013-1391

LAST UPDATE DATE
2024-08-14T14:32:27.697000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-00647date:2013-02-01T00:00:00
db:BIDid:57579date:2013-01-29T00:00:00
db:JVNDBid:JVNDB-2013-006882date:2019-11-08T00:00:00
db:CNNVDid:CNNVD-201301-573date:2021-07-12T00:00:00
db:NVDid:CVE-2013-1391date:2019-11-05T16:33:55.230

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-00647date:2013-02-01T00:00:00
db:BIDid:57579date:2013-01-29T00:00:00
db:JVNDBid:JVNDB-2013-006882date:2019-11-08T00:00:00
db:CNNVDid:CNNVD-201301-573date:2013-01-31T00:00:00
db:NVDid:CVE-2013-1391date:2019-10-30T21:15:11.507