Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1600

CWE-287Improper Authentication5 documents5 sources
Severity
5.3MEDIUM
EPSS
72.9%
top 1.22%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Dlink Dcs-2102 FirmwareDlink Dcs-2121 Firmware
Timeline
PublishedJan 28
Latest updateMay 5

Description

An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDdlink/dcs-2102_firmware1.05, 1.06+1
NVDdlink/dcs-2121_firmware1.05, 1.06+1

🔴Vulnerability Details

2
GHSA
GHSA-58cq-g7cr-hggr: An Authentication Bypass vulnerability exists in upnp/asf-mp42022-05-05
CVEList
CVE-2013-1600: An Authentication Bypass vulnerability exists in upnp/asf-mp42020-01-28

💥Exploits & PoCs

1
Exploit-DB
D-Link IP Cameras - Multiple Vulnerabilities2013-05-01

🔍Detection Rules

1
Suricata
ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1600)2014-11-25
CVE-2013-1600 (MEDIUM CVSS 5.3) | An Authentication Bypass vulnerabil | cvebase.io