Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ovislink | Airlive Wl2600Cam | - |
| Sony | Snc Ch140 | - |
| Sony | Snc Ch180 | - |
| Sony | Snc Ch240 | - |
| Sony | Snc Ch280 | - |
| Sony | Snc Dh140 | - |
| Sony | Snc Dh140T | - |
| Sony | Snc Dh180 | - |
| Sony | Snc Dh240 | - |
| Sony | Snc Dh240T | - |
| Sony | Snc Dh280 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2013/Jun/84Exploit
- http://seclists.org/fulldisclosure/2013/Jun/84Exploit
FAQ
What is CVE-2013-3539?
CVE-2013-3539 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and poss...
How severe is CVE-2013-3539?
CVE-2013-3539 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3539?
Check the references section above for vendor advisories and patch information. Affected products include: Ovislink Airlive Wl2600Cam, Sony Snc Ch140, Sony Snc Ch180, Sony Snc Ch240, Sony Snc Ch280.