VAR-201801-1340
Vulnerability from variot - Updated: 2024-11-23 22:00getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. FLIR Brickstream 2300 The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FLIR Brickstream 2300 is a customer flow analysis and statistics equipment of Canada FLIR company. An access control error vulnerability exists in the getConfigExportFile.cgi file in FLIR Brickstream 2300 version 2.0 4.1.53.166. An attacker could exploit this vulnerability to obtain information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "brickstream 2300 3d\\+",
"scope": "eq",
"trust": 1.6,
"vendor": "flir",
"version": "2.0_4.1.53.166"
},
{
"model": "brickstream 2300 2d",
"scope": "eq",
"trust": 1.6,
"vendor": "flir",
"version": "2.0_4.1.53.166"
},
{
"model": "brickstream 2300 3d",
"scope": "eq",
"trust": 1.6,
"vendor": "flir",
"version": "2.0_4.1.53.166"
},
{
"model": "brickstream 2300 2d",
"scope": "eq",
"trust": 0.8,
"vendor": "flir",
"version": "2.0 4.1.53.166"
},
{
"model": "brickstream 2300 3d",
"scope": "eq",
"trust": 0.8,
"vendor": "flir",
"version": "2.0 4.1.53.166"
},
{
"model": "brickstream 2300 3d+",
"scope": "eq",
"trust": 0.8,
"vendor": "flir",
"version": "2.0 4.1.53.166"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-002"
},
{
"db": "NVD",
"id": "CVE-2018-3813"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:flir:brickstream_2300_2d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:flir:brickstream_2300_3d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:flir:brickstream_2300_3d%2B_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
}
]
},
"cve": "CVE-2018-3813",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-3813",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-133844",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-3813",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3813",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-3813",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-002",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-133844",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-002"
},
{
"db": "NVD",
"id": "CVE-2018-3813"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. FLIR Brickstream 2300 The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FLIR Brickstream 2300 is a customer flow analysis and statistics equipment of Canada FLIR company. An access control error vulnerability exists in the getConfigExportFile.cgi file in FLIR Brickstream 2300 version 2.0 4.1.53.166. An attacker could exploit this vulnerability to obtain information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3813"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
},
{
"db": "VULHUB",
"id": "VHN-133844"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3813",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001266",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-002",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98151",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-133844",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-002"
},
{
"db": "NVD",
"id": "CVE-2018-3813"
}
]
},
"id": "VAR-201801-1340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-133844"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:42.258000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.brickstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-79",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
},
{
"db": "NVD",
"id": "CVE-2018-3813"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://misteralfa-hack.blogspot.cl/2018/01/brickstream-recuento-y-seguimiento-de.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3813"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3813"
},
{
"trust": 0.8,
"url": "http://misteralfa-hack.blogspot.jp/2018/01/brickstream-recuento-y-seguimiento-de.html"
},
{
"trust": 0.1,
"url": "https://sku11army.blogspot.com/2020/01/flir-brickstream-recuento-y-seguimiento.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-002"
},
{
"db": "NVD",
"id": "CVE-2018-3813"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-133844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-002"
},
{
"db": "NVD",
"id": "CVE-2018-3813"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-13T00:00:00",
"db": "VULHUB",
"id": "VHN-133844"
},
{
"date": "2018-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001266"
},
{
"date": "2018-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-002"
},
{
"date": "2018-01-01T20:29:00.207000",
"db": "NVD",
"id": "CVE-2018-3813"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-133844"
},
{
"date": "2018-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001266"
},
{
"date": "2018-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-002"
},
{
"date": "2024-11-21T04:06:05.080000",
"db": "NVD",
"id": "CVE-2018-3813"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FLIR Brickstream 2300 Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001266"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-002"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…