CVE-2013-1602
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
28/01/2020
Last modified:
26/04/2021
Description
An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dlink:dcs-3411_firmware:1.02:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-3411:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-3430_firmware:1.02:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-3430:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-5605_firmware:1.01:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-5605:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-5635_firmware:1.01:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-5635:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-1100l_firmware:1.04:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-1100l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-1130l_firmware:1.04:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-1130l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-1100_firmware:1.03:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-1100_firmware:1.04:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-1100:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page