CVE-2013-1603
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
28/01/2020
Last modified:
26/04/2021
Description
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dlink:dcs-3411_firmware:1.02:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-3411:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-3430_firmware:1.02:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-3430:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-5605_firmware:1.01:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-5605:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-5635_firmware:1.01:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-5635:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-1100l_firmware:1.04:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-1100l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-1130l_firmware:1.04:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-1130l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-1100_firmware:1.03:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dcs-1100_firmware:1.04:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dcs-1100:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page