Published: 21/11/2019 Updated: 27/11/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Loftek Nexus 543 IP Camera allows remote malicious users to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi.

Vulnerable Product	Search on Vulmon	Subscribe to Product
loftek nexus_543_firmware -

CSRF: <HTML><TITLE>Loftek Nexus 543 CSRF PoC</TITLE> <IMG SRC="ip-camera-address/set_userscgi?next_url=rebootmehtm&user1=admin&pwd1=password&pri1=2&user2=anon&pwd2=password&pri2=0&user3=&pwd3=&pri3=1&user4=&pwd4=&pri4=0&user5=&pwd5=&pri5=0&user6=&pwd6 ...

CWE-200 http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera http://www.exploit-db.com/exploits/27878 http://www.securityfocus.com/bid/61969 https://nvd.nist.gov https://www.exploit-db.com/exploits/27878/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-3314

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect