CVE-2013-1595
Published 2020-01-24
Priority: P272, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 41.60% (98.5th percentile)
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vivotek | pt7135_firmware | — | — |
| vivotek | pt7135_firmware | — | — |
Detection & IOCs (extracted from sources)
- Detect oversized RTSP Authorization: Basic header values (1000–10000+ bytes) sent to TCP port 554 targeting Vivotek PT7135 cameras — indicative of CVE-2013-1595 buffer overflow exploitation attempt.
- Monitor HTTP GET requests to '/cgi-bin/admin/getparam.cgi' and '/setup/parafile.html' on Vivotek camera web interfaces for unauthenticated credential harvesting (CVE-2013-1594).
- Alert on RTSP DESCRIBE requests to TCP port 554 where the Authorization header length exceeds normal bounds (e.g., >500 bytes), as the PoC uses 1000 and 10000 'a' characters.
- Detect RTSP DESCRIBE requests using the session descriptor 'live.sdp' combined with an oversized Authorization header on port 554.
- Monitor requests to 'farseer.out' binary containing the parameter 'system.ntp' for OS command injection attempts (CVE-2013-1598).
- CVE-2013-1598 (OS command injection) is pre-authentication on firmware 0300a but requires post-authentication on firmware 0400a — detection rules should account for both authenticated and unauthenticated request contexts depending on firmware version.
- No official vendor patch was provided; vendor did not respond to disclosure attempts. Mitigation relies entirely on network-level filtering.
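The RTSP items above can be turned into a simple payload check. The following is an added example, not code from this page or its sources: it parses a reassembled RTSP request and flags an Authorization header longer than the 500-byte bound mentioned above. The function names, the `192.0.2.10` documentation address and both sample requests are constructed for illustration.

```python
# Added example: flag RTSP requests with an oversized Authorization header.
# The 500-byte bound, port 554 and the DESCRIBE / live.sdp traits come from
# the detection notes above; names and sample requests are constructed.
MAX_AUTH_LEN = 500
RTSP_PORT = 554

def parse_rtsp_request(raw: bytes):
    """Return (method, uri, headers) or None if raw is not an RTSP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("RTSP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive; last value wins
            headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), parts[1], headers

def inspect(raw: bytes, dst_port: int = RTSP_PORT):
    """Return a list of finding strings for one request payload."""
    parsed = parse_rtsp_request(raw)
    if parsed is None or dst_port != RTSP_PORT:
        return []
    method, uri, headers = parsed
    auth = headers.get("authorization", "")
    if len(auth) <= MAX_AUTH_LEN:
        return []
    findings = [f"oversized Authorization header ({len(auth)} bytes)"]
    if method == "DESCRIBE" and uri.split("?")[0].endswith("live.sdp"):
        findings.append("DESCRIBE on live.sdp with oversized Authorization")
    return findings

# Constructed samples: a normal client request and an oversized one.
def make_request(auth_value: str) -> bytes:
    return (f"DESCRIBE rtsp://192.0.2.10/live.sdp RTSP/1.0\r\n"
            f"CSeq: 1\r\nAuthorization: {auth_value}\r\n\r\n").encode("latin-1")

BENIGN = make_request("Basic dXNlcjpwYXNz")
OVERSIZED = make_request("Basic " + "a" * 1000)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, inspect(sample))
```

The check expects a reassembled TCP payload; a sensor that sees individual segments needs stream reassembly before calling `inspect`.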
CVSS provenance
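| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |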
References
- http://www.securityfocus.com/bid/59573
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83944
- https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt
- https://packetstormsecurity.com/files/cve/CVE-2013-1595
- https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities