Published: 01/10/2013 Updated: 02/10/2013

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote malicious users to hijack the authentication of administrators for requests that add users.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sony snc ch280 -
sony snc dh140 -
sony snc dh140t -
sony snc dh180 -
sony snc ch180 -
sony snc dh240t -
ovislink airlive wl2600cam -
sony snc ch140 -
sony snc ch240 -
sony snc dh240 -
sony snc dh280 -

source: wwwsecurityfocuscom/bid/60529/info Sony CH and DH series IP cameras including SNCCH140, SNCCH180, SNCCH240, SNCCH280, SNCDH140, SNCDH140T, SNCDH180, SNCDH240, SNCDH240T, and SNCDH280 are prone to multiple cross-site request-forgery vulnerabilities Exploiting these issues may allow a remote attacker to perform certain unauthorize ...

Sony CH and DH series IP cameras suffer from a cross site request forgery vulnerability ...

CWE-352 http://seclists.org/fulldisclosure/2013/Jun/84 https://nvd.nist.gov https://www.exploit-db.com/exploits/38583/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-3539

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect