Vulnerability Description
An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dcs-3411 Firmware | 1.02 |
| Dlink | Dcs-3411 | - |
| Dlink | Dcs-3430 Firmware | 1.02 |
| Dlink | Dcs-3430 | - |
| Dlink | Dcs-5605 Firmware | 1.01 |
| Dlink | Dcs-5605 | - |
| Dlink | Dcs-5635 Firmware | 1.01 |
| Dlink | Dcs-5635 | - |
| Dlink | Dcs-1100L Firmware | 1.04 |
| Dlink | Dcs-1100L | - |
| Dlink | Dcs-1130L Firmware | 1.04 |
| Dlink | Dcs-1130L | - |
| Dlink | Dcs-1100 Firmware | 1.03 |
| Dlink | Dcs-1100 | - |
| Dlink | Dcs-1130 Firmware | 1.03 |
| Dlink | Dcs-1130 | - |
| Dlink | Dcs-2102 Firmware | 1.05 |
| Dlink | Dcs-2102 | - |
| Dlink | Dcs-2121 Firmware | 1.05 |
| Dlink | Dcs-2121 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/59569Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83942Third Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/cve/CVE-2013-1602Third Party AdvisoryVDB Entry
- https://www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilitiExploitThird Party Advisory
- http://www.securityfocus.com/bid/59569Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83942Third Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/cve/CVE-2013-1602Third Party AdvisoryVDB Entry
- https://www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilitiExploitThird Party Advisory
FAQ
What is CVE-2013-1602?
CVE-2013-1602 is a vulnerability with a CVSS score of 7.5 (HIGH). An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04...
How severe is CVE-2013-1602?
CVE-2013-1602 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1602?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dcs-3411 Firmware, Dlink Dcs-3411, Dlink Dcs-3430 Firmware, Dlink Dcs-3430, Dlink Dcs-5605 Firmware.