cbcvebase.
CVE-2013-1599
published 2020-01-28

CVE-2013-1599: A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.

Affected

19 ranges
VendorProductVersion rangeFixed in
dlinkdcs-1100_firmware
dlinkdcs-1100_firmware
dlinkdcs-1100l_firmware
dlinkdcs-1130_firmware
dlinkdcs-1130_firmware
dlinkdcs-1130l_firmware
dlinkdcs-2102_firmware
dlinkdcs-2121_firmware
dlinkdcs-3410_firmware
dlinkdcs-3411_firmware
dlinkdcs-3430_firmware
dlinkdcs-5230_firmware
dlinkdcs-5230l_firmware
dlinkdcs-5605_firmware
dlinkdcs-5635_firmware
dlinkdcs-6410_firmware
dlinkdcs-7410_firmware
dlinkdcs-7510_firmware
dlinkwcs-1100_firmware

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL