Sign-up

ID

VAR-201310-0206


CVE

CVE-2013-3688


TITLE

plural TP-Link IP Cameras Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004535

DESCRIPTION

The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request to cgi-bin/reboot or (2) cause a denial of service (reboot and reset to factory defaults) via a request to cgi-bin/hardfactorydefault. The TP-LINK TL-SC3171 is a network camera product. The TP-LINK TL-SC3171 has an authentication bypass vulnerability. An attacker could exploit this vulnerability to execute arbitrary commands, gain unauthorized access, and bypass security restrictions. TP-LINK TL-SC3171 IP camera is prone to an authentication-bypass vulnerability. Other attacks may also be possible. http://drupal.org/node/207891. The vulnerability is caused by the program not properly restricting access to administrator functions. The following models are affected: TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G

Trust: 2.52

sources: NVD: CVE-2013-3688 // JVNDB: JVNDB-2013-004535 // CNVD: CNVD-2013-07493 // BID: 60530 // VULHUB: VHN-63690

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-07493

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-sc3171scope:eqversion: -

Trust: 1.6

vendor:tp linkmodel:tl-sc3130gscope:eqversion: -

Trust: 1.6

vendor:tp linkmodel:tl-sc3171gscope:eqversion: -

Trust: 1.6

vendor:tp linkmodel:tl-sc3130scope:eqversion: -

Trust: 1.6

vendor:tp linkmodel:lmscope:lteversion:1.6.18p12_sign5

Trust: 1.0

vendor:tp linkmodel:fimware lmscope:ltversion:.1.6.18p12_sign6

Trust: 0.8

vendor:tp linkmodel:tl-sc3130scope: - version: -

Trust: 0.8

vendor:tp linkmodel:tl-sc3130gscope: - version: -

Trust: 0.8

vendor:tp linkmodel:tl-sc3171scope: - version: -

Trust: 0.8

vendor:tp linkmodel:tl-sc3171gscope: - version: -

Trust: 0.8

vendor:tp linkmodel:tl-sc3171 ip camerascope: - version: -

Trust: 0.6

vendor:tp linkmodel:tl-sc3171scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-07493 // BID: 60530 // JVNDB: JVNDB-2013-004535 // CNNVD: CNNVD-201306-256 // NVD: CVE-2013-3688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3688
value: HIGH

Trust: 1.0

NVD: CVE-2013-3688
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-07493
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201306-256
value: HIGH

Trust: 0.6

VULHUB: VHN-63690
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-3688
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-07493
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63690
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-07493 // VULHUB: VHN-63690 // JVNDB: JVNDB-2013-004535 // CNNVD: CNNVD-201306-256 // NVD: CVE-2013-3688

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63690 // JVNDB: JVNDB-2013-004535 // NVD: CVE-2013-3688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-256

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201306-256

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004535

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-63690

PATCH
title:IP Camerasurl:http://www.tp-link.com/en/products/?categoryid=207
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004535

EXTERNAL IDS
db:NVDid:CVE-2013-3688
Trust: 3.4
db:BIDid:60530
Trust: 1.6
db:JVNDBid:JVNDB-2013-004535
Trust: 0.8
db:CNNVDid:CNNVD-201306-256
Trust: 0.7
db:CNVDid:CNVD-2013-07493
Trust: 0.6
db:FULLDISCid:20130612 SECURITY ANALYSIS OF IP VIDEO SURVEILLANCE CAMERAS
Trust: 0.6
db:PACKETSTORMid:122007
Trust: 0.1
db:VULHUBid:VHN-63690
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-07493 // 
            
            
            
            VULHUB: VHN-63690 // 
            
            
            
            BID: 60530 // 
            
            
            
            JVNDB: JVNDB-2013-004535 // 
            
            
            
            CNNVD: CNNVD-201306-256 // 
            
            
            
            NVD: CVE-2013-3688

REFERENCES
url:http://seclists.org/fulldisclosure/2013/jun/84
Trust: 2.8
url:http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras
Trust: 2.5
url:http://www.securityfocus.com/bid/60530
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3688
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3688
Trust: 0.8
url:http://www.tp-link.com/en/products/details/?model=tl-sc3171
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-07493 // 
            
            
            
            VULHUB: VHN-63690 // 
            
            
            
            BID: 60530 // 
            
            
            
            JVNDB: JVNDB-2013-004535 // 
            
            
            
            CNNVD: CNNVD-201306-256 // 
            
            
            
            NVD: CVE-2013-3688

CREDITS
Eliezer Varad Lopez, Javier Repiso Snchez and Jons Ropero Castillo
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201306-256

SOURCES
db:CNVDid:CNVD-2013-07493
db:VULHUBid:VHN-63690
db:BIDid:60530
db:JVNDBid:JVNDB-2013-004535
db:CNNVDid:CNNVD-201306-256
db:NVDid:CVE-2013-3688

LAST UPDATE DATE
2025-04-11T21:18:57.731000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-07493date:2013-06-18T00:00:00
db:VULHUBid:VHN-63690date:2013-10-04T00:00:00
db:BIDid:60530date:2013-06-12T00:00:00
db:JVNDBid:JVNDB-2013-004535date:2013-10-09T00:00:00
db:CNNVDid:CNNVD-201306-256date:2013-10-16T00:00:00
db:NVDid:CVE-2013-3688date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-07493date:2013-06-18T00:00:00
db:VULHUBid:VHN-63690date:2013-10-01T00:00:00
db:BIDid:60530date:2013-06-12T00:00:00
db:JVNDBid:JVNDB-2013-004535date:2013-10-09T00:00:00
db:CNNVDid:CNNVD-201306-256date:2013-06-18T00:00:00
db:NVDid:CVE-2013-3688date:2013-10-01T19:55:09.367