CVE-2013-3540

2013-10-0423:55:03

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.005

Percentile

76.7%

JSON

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.

Affected configurations

Nvd

Node

ovislinkairlive_od-2025hdMatch-

ovislinkairlive_od-2060hdMatch-

ovislinkairlive_poe100hdMatch-

ovislinkairlive_poe200hdMatch-

ovislinkairlive_poe250hdMatch-

ovislinkairlive_poe2600hdMatch-

VendorProductVersionCPE
ovislinkairlive_od-2025hd-cpe:2.3:h:ovislink:airlive_od-2025hd:-:*:*:*:*:*:*:*
ovislinkairlive_od-2060hd-cpe:2.3:h:ovislink:airlive_od-2060hd:-:*:*:*:*:*:*:*
ovislinkairlive_poe100hd-cpe:2.3:h:ovislink:airlive_poe100hd:-:*:*:*:*:*:*:*
ovislinkairlive_poe200hd-cpe:2.3:h:ovislink:airlive_poe200hd:-:*:*:*:*:*:*:*
ovislinkairlive_poe250hd-cpe:2.3:h:ovislink:airlive_poe250hd:-:*:*:*:*:*:*:*
ovislinkairlive_poe2600hd-cpe:2.3:h:ovislink:airlive_poe2600hd:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ovislink	airlive_od-2025hd	-	cpe:2.3:h:ovislink:airlive_od-2025hd:-:::::::*
ovislink	airlive_od-2060hd	-	cpe:2.3:h:ovislink:airlive_od-2060hd:-:::::::*
ovislink	airlive_poe100hd	-	cpe:2.3:h:ovislink:airlive_poe100hd:-:::::::*
ovislink	airlive_poe200hd	-	cpe:2.3:h:ovislink:airlive_poe200hd:-:::::::*
ovislink	airlive_poe250hd	-	cpe:2.3:h:ovislink:airlive_poe250hd:-:::::::*
ovislink	airlive_poe2600hd	-	cpe:2.3:h:ovislink:airlive_poe2600hd:-:::::::*