CVE-2013-4982
Published 2019-12-27
CVE-2013-4982: AVTECH AVN801 DVR has a security bypass via the administration login captcha
Priority P266 · critical · 9.8 (CVSS 3.1) · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 13.12% (95.9th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avtech | avn801_dvr_firmware | — | — |
Detection & IOCs (extracted from sources)
- url: /cgi-bin/nobody/VerifyCode.cgi?account=YWRtaW46YWRtaW4=&captcha_code=FMUA&verify_code=FMUYyLOivRpgc
- url: /cgi-bin/nobody/VerifyCode.cgi?account=YWRtaW46YWRtaW4=&captcha_code=FMUF&verify_code=FMUYyLOivRpgc
- CVE-2013-4982 captcha bypass: send GET request to /cgi-bin/nobody/VerifyCode.cgi with the 'login=quick' parameter to bypass verification code entirely without a valid captcha.
- CVE-2013-4982 captcha replay: attacker replays a hardcoded captcha_code and verify_code pair against /cgi-bin/nobody/VerifyCode.cgi with a base64-encoded account credential; a successful bypass returns HTTP 200 with a 5-byte body starting with '0' followed by 'OK'.
- Monitor HTTP responses to /cgi-bin/nobody/VerifyCode.cgi for a 200 status with body length of exactly 5 bytes matching regex '^0.*\nOK.*' as an indicator of successful captcha bypass.
- Shodan/FOFA fingerprinting: exposed AVTECH DVR login pages can be identified via Shodan query 'title:"login" product:"Avtech"' or FOFA query 'app="AVTECH-视频监控"'.
- CVE-2013-4980 (related): detect RTSP SETUP requests on port 554 with anomalously long URI strings (cyclic pattern or large padding) as indicators of buffer overflow exploitation attempts against the RTSP packet handler.
- CVE-2013-4981 (related): detect unauthenticated HTTP POST requests to /cgi-bin/user/Config.cgi with an excessively long 'Network.SMTP.Receivers' parameter value as an indicator of buffer overflow exploitation.
- The hardcoded base64 account credential 'YWRtaW46YWRtaW4=' decodes to 'admin:admin', indicating the PoC targets default credentials; real-world attacks may use other credentials.
- Affected firmware version is 1017-1003-1009-1003 on DVR 4CH H.264 (AVTECH AVN801); older versions are likely affected but were not confirmed.
- The Nuclei template uses a pitchfork attack with hardcoded credentials (admin:linux321); detection logic depends on a 5-byte response body matching '^0.*\nOK.*', which may vary across firmware versions.
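
One way to apply the log-side indicators listed above, as an added example (not code from the advisory, the Nuclei template, or the vendor): it scans access-log lines for `login=quick` requests and reused `verify_code` values on `VerifyCode.cgi`, and marks each hit that drew the HTTP 200 / 5-byte response. The combined log format, the sample lines, and the reuse heuristic are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/cgi-bin/nobody/VerifyCode.cgi"
# Combined-log-format prefix: client, timestamp, request line, status, body bytes.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log (documentation IP ranges, made-up account and tokens).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2024:10:00:01 +0000] "GET /cgi-bin/nobody/VerifyCode.cgi?account=dXNlcjpwdw==&captcha_code=ABCD&verify_code=TOKEN1 HTTP/1.1" 200 5
198.51.100.7 - - [10/Jan/2024:10:00:05 +0000] "GET /cgi-bin/nobody/VerifyCode.cgi?account=dXNlcjpwdw==&login=quick HTTP/1.1" 200 5
198.51.100.7 - - [10/Jan/2024:10:00:09 +0000] "GET /cgi-bin/nobody/VerifyCode.cgi?account=dXNlcjpwdw==&captcha_code=WXYZ&verify_code=TOKEN2 HTTP/1.1" 200 9
198.51.100.7 - - [10/Jan/2024:10:00:10 +0000] "GET /cgi-bin/nobody/VerifyCode.cgi?account=dXNlcjpwdw==&captcha_code=WXYA&verify_code=TOKEN2 HTTP/1.1" 200 5
203.0.113.10 - - [10/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1042
"""

def detect(log_text):
    """Return (line_no, client, reason, succeeded) for suspicious VerifyCode.cgi hits."""
    findings, seen = [], Counter()
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["uri"])
        if url.path != ENDPOINT:
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        # Success indicator from the list above: HTTP 200 with a 5-byte body.
        succeeded = m["status"] == "200" and m["size"] == "5"
        reasons = []
        if "quick" in query.get("login", []):
            reasons.append("login=quick")
        for token in query.get("verify_code", []):
            seen[token] += 1
            if seen[token] > 1:  # same verify_code presented again: replay heuristic
                reasons.append("verify_code-reuse")
        findings += [(line_no, m["src"], r, succeeded) for r in reasons]
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

A 5-byte 200 response on its own is not reported, since a legitimate login would presumably look the same in an access log; it only raises the weight of a hit that already matched one of the request-side indicators.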
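CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |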
No detection rules found.
Exploit-DB
AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities
exploitdb · 2013-08-29 · CVSS 9.0
CVE-2013-4982 [CRITICAL] AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities
---
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
AVTECH DVR multiple vulnerabilities
1. *Advisory Information*
Title: AVTECH DVR multiple vulnerabilities
Advisory ID: CORE-2013-0726
Advisory URL:
http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities
Date published: 2013-08-28
Date of last update: 2013-08-28
Vendors contacted: AVTECH Corporation
Release mode: User release
2. *Vulnerability Information*
Class: Buffer overflow [CWE-119], Buffer overflow [CWE-119], Improper
Access Control [CWE-284]
Impact: Code execution, Security bypass
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2013-4980, CVE-2013-4981, CVE-2013-4982
3. *Vulnerability Description*
Mu
Nuclei
AVTECH DVR - Login Verification Code Bypass
nuclei · CVSS 9.8
CVE-2013-4982 [CRITICAL] AVTECH DVR - Login Verification Code Bypass
AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
Template:

```yaml
id: CVE-2013-4982

info:
  name: AVTECH DVR - Login Verification Code Bypass
  author: ritikchaddha
  severity: low
  description: |
    AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
  impact: |
    Attackers can bypass authentication mechanisms and gain unauthorized access to the DVR system, potentially viewing camera feeds, modifying settings, or compromising the device.
  remediation: |
    Update to the latest firmware version or contact the vendor for a security patch.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2013-4982
```
- http://seclists.org/fulldisclosure/2013/Aug/284
- http://www.securityfocus.com/bid/62035
- https://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities
Published: 2019-12-27