Details of VAR-201401-0286

ID

VAR-201401-0286

CVE

CVE-2013-7204

TITLE

Conceptronic CIPCAMPTIWL Camera Cross-site request forgery vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-005854

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. Conceptronic CIPCAMPTIWL is an IP camera device. Conceptronic CIPCAMPTIWL is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Conceptronic CIPCAMPTIWL Camera is a wireless network camera product of German Conceptronic Company

Trust: 2.52

sources: NVD: CVE-2013-7204 // JVNDB: JVNDB-2013-005854 // CNVD: CNVD-2014-00230 // BID: 64761 // VULHUB: VHN-67206

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2014-00230

AFFECTED PRODUCTS

vendor:	conceptronic	model:	cipcamptiwl	scope:	eq	version:	1.0	Trust: 1.8
vendor:	conceptronic	model:	cipcamptiwl 1.0	scope:	eq	version:	21.37.2.49	Trust: 1.6
vendor:	conceptronic	model:	cipcamptiwl	scope:	eq	version:	21.37.2.49	Trust: 0.8
vendor:	conceptronic	model:	camera cipcamptiwl	scope:	eq	version:	21.37.2.49	Trust: 0.6

sources: CNVD: CNVD-2014-00230 // JVNDB: JVNDB-2013-005854 // CNNVD: CNNVD-201401-188 // NVD: CVE-2013-7204

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7204
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-7204
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-00230
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201401-188
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-67206
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-7204
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-00230
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-67206
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-00230 // VULHUB: VHN-67206 // JVNDB: JVNDB-2013-005854 // CNNVD: CNNVD-201401-188 // NVD: CVE-2013-7204

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-67206 // JVNDB: JVNDB-2013-005854 // NVD: CVE-2013-7204

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-188

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201401-188

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005854

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-67206

PATCH

title:	Wireless Pan&Tilt Network Camera	url:	http://www.conceptronic.net/product.php?id=617&linkid=589	Trust: 0.8
title:	Conceptronic CIPCAMPTIWL 'set_users.cgi' patch for cross-site request forgery vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/42357	Trust: 0.6

sources: CNVD: CNVD-2014-00230 // JVNDB: JVNDB-2013-005854

EXTERNAL IDS

db:	NVD	id:	CVE-2013-7204	Trust: 3.5
db:	OSVDB	id:	101930	Trust: 2.5
db:	EXPLOIT-DB	id:	30914	Trust: 1.7
db:	BID	id:	64761	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-005854	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-188	Trust: 0.7
db:	CNVD	id:	CNVD-2014-00230	Trust: 0.6
db:	BUGTRAQ	id:	20140110 [CVE-2013-7204] CSRF IN CONCEPTRONIC IP CAMERA (CIPCAMPTIWL)	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	SEEBUG	id:	SSVID-84271	Trust: 0.1
db:	PACKETSTORM	id:	124747	Trust: 0.1
db:	VULHUB	id:	VHN-67206	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2014-00230 // VULHUB: VHN-67206 // BID: 64761 // JVNDB: JVNDB-2013-005854 // CNNVD: CNNVD-201401-188 // NVD: CVE-2013-7204

REFERENCES

url:	http://osvdb.org/101930	Trust: 2.5
url:	http://www.exploit-db.com/exploits/30914	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/530717/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7204	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7204	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/530717	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/530717/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/bid/64761	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2014-00230 // VULHUB: VHN-67206 // JVNDB: JVNDB-2013-005854 // CNNVD: CNNVD-201401-188 // NVD: CVE-2013-7204

CREDITS

Felipe Molina

Trust: 0.9

sources: BID: 64761 // CNNVD: CNNVD-201401-188

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2014-00230
db:	VULHUB	id:	VHN-67206
db:	BID	id:	64761
db:	JVNDB	id:	JVNDB-2013-005854
db:	CNNVD	id:	CNNVD-201401-188
db:	NVD	id:	CVE-2013-7204

LAST UPDATE DATE

2025-04-11T22:13:55.419000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00230	date:	2014-01-15T00:00:00
db:	VULHUB	id:	VHN-67206	date:	2018-10-09T00:00:00
db:	BID	id:	64761	date:	2014-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-005854	date:	2014-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201401-188	date:	2014-01-22T00:00:00
db:	NVD	id:	CVE-2013-7204	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00230	date:	2014-01-15T00:00:00
db:	VULHUB	id:	VHN-67206	date:	2014-01-17T00:00:00
db:	BID	id:	64761	date:	2014-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-005854	date:	2014-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201401-188	date:	2014-01-14T00:00:00
db:	NVD	id:	CVE-2013-7204	date:	2014-01-17T15:18:02.683