Details of VAR-201912-1601

ID

VAR-201912-1601

CVE

CVE-2013-4985

TITLE

Vivotek IP Camera Vulnerable to unauthorized authentication

Trust: 0.8

sources: JVNDB: JVNDB-2013-007067

DESCRIPTION

Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream. Vivotek IP Camera Contains an incorrect authentication vulnerability.Information may be obtained. Vivotek IP cameras are webcam devices. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the restricted functionality of the device

Trust: 2.43

sources: NVD: CVE-2013-4985 // JVNDB: JVNDB-2013-007067 // CNVD: CNVD-2013-14364 // BID: 63541

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14364

AFFECTED PRODUCTS

vendor:	vivotek	model:	ip8332	scope:	eq	version:	0105a	Trust: 1.0
vendor:	vivotek	model:	ip8332	scope:	eq	version:	0105b	Trust: 1.0
vendor:	vivotek	model:	ip7361	scope:	eq	version:	0105a	Trust: 1.0
vendor:	vivotek	model:	ip7160	scope:	eq	version:	0105a	Trust: 1.0
vendor:	vivotek	model:	ip7361	scope:	eq	version:	0105b	Trust: 1.0
vendor:	vivotek	model:	ip7160	scope:	eq	version:	0105b	Trust: 1.0
vendor:	vivotek	model:	ip7160	scope:	-	version:	-	Trust: 0.8
vendor:	vivotek	model:	ip7361	scope:	-	version:	-	Trust: 0.8
vendor:	vivotek	model:	ip8332	scope:	-	version:	-	Trust: 0.8
vendor:	vivotek	model:	ip cameras ip8332	scope:	-	version:	-	Trust: 0.6
vendor:	vivotek	model:	ip cameras ip7361	scope:	-	version:	-	Trust: 0.6
vendor:	vivotek	model:	ip cameras ip7160	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-14364 // JVNDB: JVNDB-2013-007067 // NVD: CVE-2013-4985

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4985
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-4985
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-14364
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201311-085
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2013-4985
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-14364
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2013-4985
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2013-4985
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2013-14364 // JVNDB: JVNDB-2013-007067 // CNNVD: CNNVD-201311-085 // NVD: CVE-2013-4985

PROBLEMTYPE DATA

problemtype:

CWE-863

Trust: 1.8

sources: JVNDB: JVNDB-2013-007067 // NVD: CVE-2013-4985

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-085

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201311-085

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-007067

PATCH

title:	Top Page	url:	https://www.vivotek.com/	Trust: 0.8
title:	Vivotek IP Cameras RTSP Remote Verification Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/41009	Trust: 0.6

sources: CNVD: CNVD-2013-14364 // JVNDB: JVNDB-2013-007067

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4985	Trust: 3.3
db:	BID	id:	63541	Trust: 2.5
db:	EXPLOIT-DB	id:	29516	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-007067	Trust: 0.8
db:	CNVD	id:	CNVD-2013-14364	Trust: 0.6
db:	CNNVD	id:	CNNVD-201311-085	Trust: 0.6

sources: CNVD: CNVD-2013-14364 // BID: 63541 // JVNDB: JVNDB-2013-007067 // CNNVD: CNNVD-201311-085 // NVD: CVE-2013-4985

REFERENCES

url:	http://www.coresecurity.com/advisories/vivotek-ip-cameras-rtsp-authentication-bypass	Trust: 3.0
url:	http://www.exploit-db.com/exploits/29516	Trust: 1.6
url:	http://www.securityfocus.com/bid/63541	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4985	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4985	Trust: 0.8
url:	http://www.vivotek.com/	Trust: 0.3

sources: CNVD: CNVD-2013-14364 // BID: 63541 // JVNDB: JVNDB-2013-007067 // CNNVD: CNNVD-201311-085 // NVD: CVE-2013-4985

CREDITS

Martin Di Paola of Core Security QA Team.

Trust: 0.9

sources: BID: 63541 // CNNVD: CNNVD-201311-085

SOURCES

db:	CNVD	id:	CNVD-2013-14364
db:	BID	id:	63541
db:	JVNDB	id:	JVNDB-2013-007067
db:	CNNVD	id:	CNNVD-201311-085
db:	NVD	id:	CVE-2013-4985

LAST UPDATE DATE

2024-11-23T22:37:34.776000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14364	date:	2013-11-11T00:00:00
db:	BID	id:	63541	date:	2013-12-10T00:57:00
db:	JVNDB	id:	JVNDB-2013-007067	date:	2020-02-03T00:00:00
db:	CNNVD	id:	CNNVD-201311-085	date:	2020-01-19T00:00:00
db:	NVD	id:	CVE-2013-4985	date:	2024-11-21T01:56:51.090

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14364	date:	2013-11-11T00:00:00
db:	BID	id:	63541	date:	2013-11-05T00:00:00
db:	JVNDB	id:	JVNDB-2013-007067	date:	2020-02-03T00:00:00
db:	CNNVD	id:	CNNVD-201311-085	date:	2013-11-07T00:00:00
db:	NVD	id:	CVE-2013-4985	date:	2019-12-27T17:15:15.937