VAR-201912-1601
Vulnerability from variot - Updated: 2024-11-23 22:37Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream. Vivotek IP Camera Contains an incorrect authentication vulnerability.Information may be obtained. Vivotek IP cameras are webcam devices. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the restricted functionality of the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1601",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip8332",
"scope": "eq",
"trust": 1.0,
"vendor": "vivotek",
"version": "0105a"
},
{
"model": "ip8332",
"scope": "eq",
"trust": 1.0,
"vendor": "vivotek",
"version": "0105b"
},
{
"model": "ip7361",
"scope": "eq",
"trust": 1.0,
"vendor": "vivotek",
"version": "0105a"
},
{
"model": "ip7160",
"scope": "eq",
"trust": 1.0,
"vendor": "vivotek",
"version": "0105a"
},
{
"model": "ip7361",
"scope": "eq",
"trust": 1.0,
"vendor": "vivotek",
"version": "0105b"
},
{
"model": "ip7160",
"scope": "eq",
"trust": 1.0,
"vendor": "vivotek",
"version": "0105b"
},
{
"model": "ip7160",
"scope": null,
"trust": 0.8,
"vendor": "vivotek",
"version": null
},
{
"model": "ip7361",
"scope": null,
"trust": 0.8,
"vendor": "vivotek",
"version": null
},
{
"model": "ip8332",
"scope": null,
"trust": 0.8,
"vendor": "vivotek",
"version": null
},
{
"model": "ip cameras ip8332",
"scope": null,
"trust": 0.6,
"vendor": "vivotek",
"version": null
},
{
"model": "ip cameras ip7361",
"scope": null,
"trust": 0.6,
"vendor": "vivotek",
"version": null
},
{
"model": "ip cameras ip7160",
"scope": null,
"trust": 0.6,
"vendor": "vivotek",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14364"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
},
{
"db": "NVD",
"id": "CVE-2013-4985"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:vivotek:ip7160_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:vivotek:ip7361_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:vivotek:ip8332_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin Di Paola of Core Security QA Team.",
"sources": [
{
"db": "BID",
"id": "63541"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-085"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4985",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-4985",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-14364",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-4985",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-4985",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4985",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-4985",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-14364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-085",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14364"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-085"
},
{
"db": "NVD",
"id": "CVE-2013-4985"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream. Vivotek IP Camera Contains an incorrect authentication vulnerability.Information may be obtained. Vivotek IP cameras are webcam devices. \nAn attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the restricted functionality of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4985"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
},
{
"db": "CNVD",
"id": "CNVD-2013-14364"
},
{
"db": "BID",
"id": "63541"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4985",
"trust": 3.3
},
{
"db": "BID",
"id": "63541",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "29516",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007067",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-14364",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201311-085",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14364"
},
{
"db": "BID",
"id": "63541"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-085"
},
{
"db": "NVD",
"id": "CVE-2013-4985"
}
]
},
"id": "VAR-201912-1601",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14364"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14364"
}
]
},
"last_update_date": "2024-11-23T22:37:34.776000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vivotek.com/"
},
{
"title": "Vivotek IP Cameras RTSP Remote Verification Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/41009"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14364"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
},
{
"db": "NVD",
"id": "CVE-2013-4985"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.coresecurity.com/advisories/vivotek-ip-cameras-rtsp-authentication-bypass"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/29516"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/63541"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4985"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4985"
},
{
"trust": 0.3,
"url": "http://www.vivotek.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14364"
},
{
"db": "BID",
"id": "63541"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-085"
},
{
"db": "NVD",
"id": "CVE-2013-4985"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14364"
},
{
"db": "BID",
"id": "63541"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-085"
},
{
"db": "NVD",
"id": "CVE-2013-4985"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14364"
},
{
"date": "2013-11-05T00:00:00",
"db": "BID",
"id": "63541"
},
{
"date": "2020-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007067"
},
{
"date": "2013-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-085"
},
{
"date": "2019-12-27T17:15:15.937000",
"db": "NVD",
"id": "CVE-2013-4985"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14364"
},
{
"date": "2013-12-10T00:57:00",
"db": "BID",
"id": "63541"
},
{
"date": "2020-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007067"
},
{
"date": "2020-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-085"
},
{
"date": "2024-11-21T01:56:51.090000",
"db": "NVD",
"id": "CVE-2013-4985"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vivotek IP Camera Vulnerable to unauthorized authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007067"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-085"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…