VAR-201401-0286
Vulnerability from variot - Updated: 2025-04-11 22:13Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. Conceptronic CIPCAMPTIWL is an IP camera device. Conceptronic CIPCAMPTIWL is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Conceptronic CIPCAMPTIWL Camera is a wireless network camera product of German Conceptronic Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0286",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cipcamptiwl",
"scope": "eq",
"trust": 1.8,
"vendor": "conceptronic",
"version": "1.0"
},
{
"model": "cipcamptiwl 1.0",
"scope": "eq",
"trust": 1.6,
"vendor": "conceptronic",
"version": "21.37.2.49"
},
{
"model": "cipcamptiwl",
"scope": "eq",
"trust": 0.8,
"vendor": "conceptronic",
"version": "21.37.2.49"
},
{
"model": "camera cipcamptiwl",
"scope": "eq",
"trust": 0.6,
"vendor": "conceptronic",
"version": "21.37.2.49"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-188"
},
{
"db": "NVD",
"id": "CVE-2013-7204"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:conceptronic:cipcamptiwl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:conceptronic:cipcamptiwl_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felipe Molina",
"sources": [
{
"db": "BID",
"id": "64761"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-188"
}
],
"trust": 0.9
},
"cve": "CVE-2013-7204",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-7204",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00230",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-67206",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7204",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-7204",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00230",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-188",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-67206",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"db": "VULHUB",
"id": "VHN-67206"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-188"
},
{
"db": "NVD",
"id": "CVE-2013-7204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. Conceptronic CIPCAMPTIWL is an IP camera device. Conceptronic CIPCAMPTIWL is prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Conceptronic CIPCAMPTIWL Camera is a wireless network camera product of German Conceptronic Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7204"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
},
{
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"db": "BID",
"id": "64761"
},
{
"db": "VULHUB",
"id": "VHN-67206"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-67206",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67206"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7204",
"trust": 3.5
},
{
"db": "OSVDB",
"id": "101930",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "30914",
"trust": 1.7
},
{
"db": "BID",
"id": "64761",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005854",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-188",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00230",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20140110 [CVE-2013-7204] CSRF IN CONCEPTRONIC IP CAMERA (CIPCAMPTIWL)",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-84271",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124747",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-67206",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"db": "VULHUB",
"id": "VHN-67206"
},
{
"db": "BID",
"id": "64761"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-188"
},
{
"db": "NVD",
"id": "CVE-2013-7204"
}
]
},
"id": "VAR-201401-0286",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"db": "VULHUB",
"id": "VHN-67206"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-00230"
}
]
},
"last_update_date": "2025-04-11T22:13:55.419000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wireless Pan\u0026Tilt Network Camera",
"trust": 0.8,
"url": "http://www.conceptronic.net/product.php?id=617\u0026linkid=589"
},
{
"title": "Conceptronic CIPCAMPTIWL \u0027set_users.cgi\u0027 patch for cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/42357"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67206"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
},
{
"db": "NVD",
"id": "CVE-2013-7204"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://osvdb.org/101930"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/30914"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/530717/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7204"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7204"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/530717"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/530717/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/64761"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"db": "VULHUB",
"id": "VHN-67206"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-188"
},
{
"db": "NVD",
"id": "CVE-2013-7204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"db": "VULHUB",
"id": "VHN-67206"
},
{
"db": "BID",
"id": "64761"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-188"
},
{
"db": "NVD",
"id": "CVE-2013-7204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"date": "2014-01-17T00:00:00",
"db": "VULHUB",
"id": "VHN-67206"
},
{
"date": "2014-01-10T00:00:00",
"db": "BID",
"id": "64761"
},
{
"date": "2014-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005854"
},
{
"date": "2014-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-188"
},
{
"date": "2014-01-17T15:18:02.683000",
"db": "NVD",
"id": "CVE-2013-7204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00230"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-67206"
},
{
"date": "2014-01-10T00:00:00",
"db": "BID",
"id": "64761"
},
{
"date": "2014-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005854"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-188"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-7204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-188"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Conceptronic CIPCAMPTIWL Camera Cross-site request forgery vulnerability in some firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005854"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-188"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…