CVE-2013-3539

CVE	CVE-2013-3539
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2013-10-01 19:55:00 UTC
Updated	2013-10-02 19:26:00 UTC
Description	Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.

Problem Types: CWE-352

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Ovislink	Airlive Wl2600cam	-	All	All	All
Hardware	Ovislink	Airlive Wl2600cam	-	All	All	All
Hardware	Sony	Snc Ch140	-	All	All	All
Hardware	Sony	Snc Ch140	-	All	All	All
Hardware	Sony	Snc Ch180	-	All	All	All
Hardware	Sony	Snc Ch180	-	All	All	All
Hardware	Sony	Snc Ch240	-	All	All	All
Hardware	Sony	Snc Ch240	-	All	All	All
Hardware	Sony	Snc Ch280	-	All	All	All
Hardware	Sony	Snc Ch280	-	All	All	All
Hardware	Sony	Snc Dh140	-	All	All	All
Hardware	Sony	Snc Dh140	-	All	All	All
Hardware	Sony	Snc Dh140t	-	All	All	All
Hardware	Sony	Snc Dh140t	-	All	All	All
Hardware	Sony	Snc Dh180	-	All	All	All
Hardware	Sony	Snc Dh180	-	All	All	All
Hardware	Sony	Snc Dh240	-	All	All	All
Hardware	Sony	Snc Dh240	-	All	All	All
Hardware	Sony	Snc Dh240t	-	All	All	All
Hardware	Sony	Snc Dh240t	-	All	All	All
Hardware	Sony	Snc Dh280	-	All	All	All
Hardware	Sony	Snc Dh280	-	All	All	All

Reference	Source	Link	Tags
Full Disclosure: Security Analysis of IP video surveillance cameras	FULLDISC	seclists.org	Exploit
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.