cbcvebase.
CVE-2013-1595
published 2020-01-24

CVE-2013-1595: A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the…

PriorityP272critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
41.60%
98.5th percentile
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

Affected

2 ranges
VendorProductVersion rangeFixed in
vivotekpt7135_firmware
vivotekpt7135_firmware

Detection & IOCsextracted from sources · hover to see the quote

  • Detect oversized RTSP Authorization: Basic header values (1000–10000+ bytes) sent to TCP port 554 targeting Vivotek PT7135 cameras — indicative of CVE-2013-1595 buffer overflow exploitation attempt.
  • Monitor HTTP GET requests to '/cgi-bin/admin/getparam.cgi' and '/setup/parafile.html' on Vivotek camera web interfaces for unauthenticated credential harvesting (CVE-2013-1594).
  • Alert on RTSP DESCRIBE requests to TCP port 554 where the Authorization header length exceeds normal bounds (e.g., >500 bytes), as the PoC uses 1000 and 10000 'a' characters.
  • Detect RTSP DESCRIBE requests using the session descriptor 'live.sdp' combined with an oversized Authorization header on port 554.
  • Monitor requests to 'farseer.out' binary containing the parameter 'system.ntp' for OS command injection attempts (CVE-2013-1598).
  • ·CVE-2013-1598 (OS command injection) is pre-authentication on firmware 0300a but requires post-authentication on firmware 0400a — detection rules should account for both authenticated and unauthenticated request contexts depending on firmware version.
  • ·No official vendor patch was provided; vendor did not respond to disclosure attempts. Mitigation relies entirely on network-level filtering.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.