ID

VAR-201911-1466


CVE

CVE-2013-3312


TITLE

Loftek Nexus 543 Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-12757 // CNNVD: CNNVD-201911-1267

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi. The Loftek Nexus 543 IP Camera is a webcam product. The forged requests can perform actions such as changing the password.

Trust: 2.16

sources: NVD: CVE-2013-3312 // JVNDB: JVNDB-2013-006955 // CNVD: CNVD-2013-12757

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

category: ['camera device'], sub_category: IP camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2013-12757

AFFECTED PRODUCTS

vendor: loftek, model: nexus 543, scope: eq, version: -

Trust: 1.0

vendor: loftek, model: nexus 543, scope: -, version: -

Trust: 0.8

vendor: loftek, model: nexus, scope: eq, version: 543

Trust: 0.6

sources: CNVD: CNVD-2013-12757 // JVNDB: JVNDB-2013-006955 // NVD: CVE-2013-3312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3312
value: HIGH

Trust: 1.0

NVD: CVE-2013-3312
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-12757
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-1267
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2013-3312
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-12757
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2013-3312
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2013-3312
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2013-12757 // JVNDB: JVNDB-2013-006955 // CNNVD: CNNVD-201911-1267 // NVD: CVE-2013-3312

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2013-006955 // NVD: CVE-2013-3312

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1267

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201911-1267

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006955

PATCH

title: Top Page, url: https://www.loftek.us

Trust: 0.8

title: Patch for the Loftek Nexus 543 Cross-Site Request Forgery Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/39237

Trust: 0.6

sources: CNVD: CNVD-2013-12757 // JVNDB: JVNDB-2013-006955

EXTERNAL IDS

db: NVD, id: CVE-2013-3312

Trust: 3.2

db: EXPLOIT-DB, id: 27878

Trust: 1.6

db: JVNDB, id: JVNDB-2013-006955

Trust: 0.8

db: CNVD, id: CNVD-2013-12757

Trust: 0.6

db: CNNVD, id: CNNVD-201911-1267

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: PACKETSTORM, id: 122942

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2013-12757 // JVNDB: JVNDB-2013-006955 // PACKETSTORM: 122942 // CNNVD: CNNVD-201911-1267 // NVD: CVE-2013-3312

REFERENCES

url:https://www.exploit-db.com/exploits/27878

Trust: 1.6

url:http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-3312

Trust: 1.5

url:https://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera/

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3312

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3311

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3313

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3314

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2013-12757 // JVNDB: JVNDB-2013-006955 // PACKETSTORM: 122942 // CNNVD: CNNVD-201911-1267 // NVD: CVE-2013-3312

CREDITS

Craig Young

Trust: 0.1

sources: PACKETSTORM: 122942

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2013-12757
db: JVNDB, id: JVNDB-2013-006955
db: PACKETSTORM, id: 122942
db: CNNVD, id: CNNVD-201911-1267
db: NVD, id: CVE-2013-3312

LAST UPDATE DATE

2025-01-30T21:30:28.998000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-12757, date: 2013-09-04T00:00:00
db: JVNDB, id: JVNDB-2013-006955, date: 2019-12-02T00:00:00
db: CNNVD, id: CNNVD-201911-1267, date: 2020-07-14T00:00:00
db: NVD, id: CVE-2013-3312, date: 2019-11-27T15:55:08.400

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-12757, date: 2013-09-02T00:00:00
db: JVNDB, id: JVNDB-2013-006955, date: 2019-12-02T00:00:00
db: PACKETSTORM, id: 122942, date: 2013-08-23T06:19:50
db: CNNVD, id: CNNVD-201911-1267, date: 2019-11-21T00:00:00
db: NVD, id: CVE-2013-3312, date: 2019-11-21T20:15:15.300