Vulnerability Details : CVE-2013-1599
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.
Exploit prediction scoring system (EPSS) score for CVE-2013-1599
Probability of exploitation activity in the next 30 days: 91.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 %
CVSS scores for CVE-2013-1599
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2013-1599
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1599
- http://www.securityfocus.com/bid/59564
  Multiple D-Link Products CVE-2013-1599 Command Injection Vulnerability (Third Party Advisory; VDB Entry)
- https://packetstormsecurity.com/files/cve/CVE-2013-1599
  CVE-2013-1599 ≈ Packet Storm (Third Party Advisory; VDB Entry)
- http://www.exploit-db.com/exploits/25138
  D-Link IP Cameras - Multiple Vulnerabilities - Hardware webapps Exploit (Exploit; Third Party Advisory; VDB Entry)
- https://www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilities
  D-Link IP Cameras Multiple Vulnerabilities | Core Security (Exploit; Third Party Advisory)
- https://seclists.org/fulldisclosure/2013/Apr/253
  Full Disclosure: CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities (Exploit; Mailing List; Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83941
  Multiple D-Link products CVE-2013-1599 rtpd.cgi command execution CVE-2013-1599 Vulnerability Report (Third Party Advisory; VDB Entry)
Products affected by CVE-2013-1599
- cpe:2.3:o:dlink:dcs-1130_firmware:1.03:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-1130_firmware:1.04:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-1100_firmware:1.03:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-1100_firmware:1.04:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-2102_firmware:1.05:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-2121_firmware:1.05:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-3411_firmware:1.02:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-3430_firmware:1.02:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-5605_firmware:1.01:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-5635_firmware:1.01:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-1100l_firmware:1.04:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-1130l_firmware:1.04:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-3410_firmware:1.02:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-5230_firmware:1.02:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-5230l_firmware:1.02:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-6410_firmware:1.00:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-7410_firmware:1.00:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dcs-7510_firmware:1.00:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:wcs-1100_firmware:1.00:*:*:*:*:*:*:*