CVE-2013-1391
published 2019-10-30CVE-2013-1391: Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a…
PriorityP276high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
76.11%
99.5th percentile
Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated HTTP GET requests to /DVR.cfg on DVR web interfaces, which discloses device configuration including credentials without authentication. ↗
- →This vulnerability is an authentication bypass on the DVR web interface allowing retrieval of the device configuration file; monitor for requests to /DVR.cfg from external/untrusted sources. ↗
- →Successful exploitation leaks credentials from the configuration file; hunt for USER strings in captured DVR.cfg responses. ↗
- ·Affected vendors include Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems; detection should be scoped to these device types. ↗
- ·A Metasploit auxiliary scanner module exists for this vulnerability (auxiliary/scanner/misc/dvr_config_disclosure), indicating it is actively weaponized and easily exploitable at scale. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pjmg-9mfx-vg44: Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allow
ghsa_unreviewed·2022-05-05
CVE-2013-1391 [HIGH] CWE-287 GHSA-pjmg-9mfx-vg44: Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allow
Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
Red Hat
kernel: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
vendor_redhat·2024-06-20·CVSS 5.5
CVE-2022-48715 [MEDIUM] CWE-20 kernel: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
kernel: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
In the Linux kernel, the following vulnerability has been resolved:
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
Running tests with a debug kernel shows that bnx2fc_recv_frame() is
modifying the per_cpu lport stats counters in a non-mpsafe way. Just boot
a debug kernel and run the bnx2fc driver with the hardware enabled.
[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_
[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B
[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013
[ 1391.699183] Call Trace:
[ 1391.699188] dump_stack_lvl+0x57/0x7d
[ 1391.699198] check_preemption_disabled+0xc8/0xd
No detection rules found.
Exploit-DB
Multiple Hunt CCTV - Information Disclosure
exploitdb·2013-01-29
CVE-2013-1391 Multiple Hunt CCTV - Information Disclosure
Multiple Hunt CCTV - Information Disclosure
---
source: https://www.securityfocus.com/bid/57579/info
Multiple Hunt CCTV devices are prone to a remote information-disclosure vulnerability.
Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks.
curl -v http://www.example.com/DVR.cfg | strings |grep -i USER
Metasploit
Multiple DVR Manufacturers Configuration Disclosure
metasploit
Multiple DVR Manufacturers Configuration Disclosure
Multiple DVR Manufacturers Configuration Disclosure
This module takes advantage of an authentication bypass vulnerability at the web interface of multiple manufacturers DVR systems, which allows to retrieve the device configuration.
http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.htmlhttps://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosurehttps://www.securityfocus.com/bid/57579/infohttp://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.htmlhttps://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosurehttps://www.securityfocus.com/bid/57579/info
2019-10-30
Published