CVE-2013-1598
Published: 2020-01-24
Priority: P2 · 70 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 20.46% (97.2th percentile)
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vivotek | pt7135_firmware | — | — |
| vivotek | pt7135_firmware | — | — |
Detection & IOCs (extracted from sources)
- Detect OS command injection attempts targeting the 'system.ntp' parameter in HTTP requests to the 'farseer.out' binary on Vivotek PT7135 cameras.
- CVE-2013-1598 is pre-authentication on firmware 0300a and post-authentication on firmware 0400a; alert on 'system.ntp' manipulation regardless of authentication state.
- Monitor HTTP requests containing 'getparam.cgi' in the URI path as an indicator of CVE-2013-1594 information-leak exploitation attempts against Vivotek cameras.
- Monitor RTSP traffic on TCP port 554 for oversized Authorization: Basic headers (1000–10000+ characters) indicative of CVE-2013-1595 buffer overflow exploitation.
- Detect path traversal attempts using '/../../' sequences in HTTP requests to Vivotek camera web interfaces.
- CVE-2013-1598 command injection via 'system.ntp' is pre-authentication on firmware 0300a but requires authentication on firmware 0400a; detection rules should account for both authenticated and unauthenticated request contexts.
- Other Vivotek camera models beyond PT7135 may share the same vulnerable firmware and be susceptible to the same attack vectors.
- No official vendor patch was available at time of advisory publication; mitigation relies on network-level filtering controls.
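CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |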
- http://www.securityfocus.com/bid/59575
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83946
- https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt
- https://packetstormsecurity.com/files/cve/CVE-2013-1598
- https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities