cbcvebase.
CVE-2013-1598
published 2020-01-24

Priority: P2 70 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 20.46% (97.2th percentile)

A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary code.

Affected

2 ranges

Vendor   Product          Version range  Fixed in
vivotek  pt7135_firmware
vivotek  pt7135_firmware

Detection & IOCs (extracted from sources)

filename: farseer.out
command: system.ntp
port: 554
url: http://192.168.1.100/cgi-bin/admin/getparam.cgi
url: http://192.168.1.100/setup/parafile.html
path: /cgi-bin/admin/getparam.cgi
path: /../../

  • Detect OS command injection attempts targeting the 'system.ntp' parameter in HTTP requests to the 'farseer.out' binary on Vivotek PT7135 cameras.
  • CVE-2013-1598 is pre-authentication on firmware 0300a and post-authentication on firmware 0400a; alert on 'system.ntp' manipulation regardless of authentication state.
  • Monitor HTTP requests containing 'getparam.cgi' in the URI path as an indicator of CVE-2013-1594 information-leak exploitation attempts against Vivotek cameras.
  • Monitor RTSP traffic on TCP port 554 for oversized Authorization: Basic headers (1000–10000+ characters) indicative of CVE-2013-1595 buffer overflow exploitation.
  • Detect path traversal attempts using '/../../' sequences in HTTP requests to Vivotek camera web interfaces.
  • CVE-2013-1598 command injection via 'system.ntp' is pre-authentication on firmware 0300a but requires authentication on firmware 0400a; detection rules should account for both authenticated and unauthenticated request contexts.
  • Other Vivotek camera models beyond PT7135 may share the same vulnerable firmware and be susceptible to the same attack vectors.
  • No official vendor patch was available at time of advisory publication; mitigation relies on network-level filtering controls.

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd     v2.0     9.0    CRITICAL  AV:N/AC:L/Au:S/C:C/I:C/A:C