21 matches found
EUVD-2013-3247
Malware in sbrugna...
EUVD-2013-3248
Malware in sbrugna...
CVE-2013-3313
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to checkusers.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in...
CVE-2013-3314
The Loftek Nexus 543 IP Camera allows remote attackers to obtain 1 IP addresses via a request to getrealip.cgi or 2 firmware versions ui and system, timestamp, serial number, p2p port number, and wifi status via a request to getstatus.cgi...
CVE-2013-3311
Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. dot dot in the URL of an HTTP GET request...
Directory traversal
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to checkusers.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in...
Cross site request forgery (csrf)
The Loftek Nexus 543 IP Camera allows remote attackers to obtain 1 IP addresses via a request to getrealip.cgi or 2 firmware versions ui and system, timestamp, serial number, p2p port number, and wifi status via a request to getstatus.cgi...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change 1 passwords or 2 firewall configuration, as demonstrated by a request to setusers.cgi...
CVE-2013-3311
Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. dot dot in the URL of an HTTP GET request...
CVE-2013-3311
CVE-2013-3311 (Loftek Nexus 543 IP Camera) is a directory traversal vulnerability that allows remote attackers to read arbitrary files by manipulating the URL in an HTTP GET request (".." sequence). Connected materials also describe a related issue (CVE-2013-3313) where passwords are stored in cl...
CVE-2013-3312
The CVE-2013-3312 entry concerns the Loftek Nexus 543 IP Camera and describes multiple CSRF vulnerabilities that allow an attacker to hijack user authentication to perform change requests, specifically altering passwords or firewall configuration via a request to set_users.cgi. The connected docu...
CVE-2013-3312
Multiple cross-site request forgery CSRF vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change 1 passwords or 2 firewall configuration, as demonstrated by a request to setusers.cgi...
CVE-2013-3313
Affected product: Loftek Nexus 543 IP Camera. Vulnerability details: CVE-2013-3313 exposes passwords in cleartext via an HTTP GET to check_users.cgi. The entry references related access via a directory traversal flaw in CVE-2013-3311, which can be leveraged to read sensitive data from the device ...
CVE-2013-3313
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to checkusers.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in...
CVE-2013-3314
The Loftek Nexus 543 IP Camera allows remote attackers to obtain 1 IP addresses via a request to getrealip.cgi or 2 firmware versions ui and system, timestamp, serial number, p2p port number, and wifi status via a request to getstatus.cgi...
CVE-2013-3314
CVE-2013-3314 affects the Loftek Nexus 543 IP Camera. The issue allows remote attackers to disclose sensitive device information via specific CGI endpoints: an attacker can obtain IP addresses with a request to get_realip.cgi or firmware versions, timestamp, serial number, p2p port, and wifi stat...
Two Popular IP Cameras Riddled With Vulnerabilities
Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStartcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United...
Shenzhen, China, a manufacturer of smart cameras exposed vulnerability: at least 17.5 million devices can be remote attack-vulnerability warning-the black bar safety net
Security firms Bitdefender and Checkmarx are released report, security researcher at a plurality of conventional smart cameras found in a remote intrusion vulnerability, relates to the VStarcam, the Loftek, as well as Neo IP camera. One of Neo IP camera is Shenzhen, China manufacturer beautiful...
Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities
No description provided by source. CSRF: HTMLTITLELoftek Nexus 543 CSRF PoC/TITLE IMG...
Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities
Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities CSRF: Loftek Nexus 543 CSRF PoC Memory Dump: !/bin/sh This script exploits CVE-2013-3311 to retrieve kernel memory from a Loftek Nexus 543 IP camera The file which is downloaded can be analyzed strings to recover passwords and other goodies i...