Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1602

CWE-200Information Exposure5 documents4 sources
Severity
7.5HIGH
EPSS
54.7%
top 1.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
17
Dlink Dcs-1100 FirmwareDlink Dcs-1100l FirmwareDlink Dcs-1130 Firmware+14 more
Timeline
PublishedJan 28
Latest updateMay 5

Description

An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages17 packages

NVDdlink/dcs-1100_firmware1.03, 1.04+1

🔴Vulnerability Details

2
GHSA
GHSA-2hp5-8v8q-wx26: An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 12022-05-05
CVEList
CVE-2013-1602: An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 12020-01-28

💥Exploits & PoCs

2
Exploit-DB
Google Android - 'APK' code Remote Security Bypass2013-07-03
Exploit-DB
D-Link IP Cameras - Multiple Vulnerabilities2013-05-01
CVE-2013-1602 (HIGH CVSS 7.5) | An Information Disclosure vulnerabi | cvebase.io