CVE-2013-1600 : An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming

An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information.

Published 2020-01-28 21:15:11

Updated 2020-02-04 17:53:42

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2013-1600

Dlink » Dcs-2102 Firmware » Version: 1.05
cpe:2.3:o:dlink:dcs-2102_firmware:1.05:*:*:*:*:*:*:*
Matching versions
When used together with: Dlink » Dcs-2102 » Version: N/A
Dlink » Dcs-2102 Firmware » Version: 1.06
cpe:2.3:o:dlink:dcs-2102_firmware:1.06:*:*:*:*:*:*:*
Matching versions
When used together with: Dlink » Dcs-2102 » Version: N/A
Dlink » Dcs-2121 Firmware » Version: 1.05
cpe:2.3:o:dlink:dcs-2121_firmware:1.05:*:*:*:*:*:*:*
Matching versions
When used together with: Dlink » Dcs-2121 » Version: N/A
Dlink » Dcs-2121 Firmware » Version: 1.06
cpe:2.3:o:dlink:dcs-2121_firmware:1.06:*:*:*:*:*:*:*
Matching versions
When used together with: Dlink » Dcs-2121 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2013-1600

EPSS FAQ

72.69%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-1600

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2013-1600

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1600

https://vuldb.com/?id.8572

CVE-2013-1600 | D-Link IP Cameras asf-mp4.asf information disclosure (CORE-2013-0303 / BID-59566)
Permissions Required
https://packetstormsecurity.com/files/cve/CVE-2013-1600

CVE-2013-1600 ≈ Packet Storm
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/59566

Multiple D-Link Products CVE-2013-1600 Authentication Bypass Vulnerability
Third Party Advisory;VDB Entry
https://www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilities

D-Link IP Cameras Multiple Vulnerabilities | Core Security
Exploit;Third Party Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/83916

Multiple D-Link products CVE-2013-1600 asf-mp4.asf security bypass CVE-2013-1600 Vulnerability Report
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2013-1600

Products affected by CVE-2013-1600

Exploit prediction scoring system (EPSS) score for CVE-2013-1600

CVSS scores for CVE-2013-1600

CWE ids for CVE-2013-1600

References for CVE-2013-1600