CVE-2013-3690

CVE

MediumConfirmedExploit available

Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-04…

CVSS

6.8

Medium

EPSS

0.12

p95

Published

2013-01-01

Updated

2013-01-01

Description

Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.

Tags · CWE

CWE-352

CAPEC-62

CAPEC-111

CAPEC-462

CAPEC-467

Affected products

100ap_device_firmwareFb-100apMd-100apOb-100aeOsd-040eWcb-100apWfb-100ap

CVSS vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Timeline

2013-01-01

Published

2013-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: M

Medium

Authentication

Au: N

None (N)

Confidentiality Impact

C: P

Partial

Integrity Impact

I: P

Partial

Availability Impact

A: P

Partial

Exploit indicators

EPSS

0.124 · p95

Known exploited (KEV)

Known exploits — Сканер-ВС

38582

exploitdb · https://www.exploit-db.com/exploits/38582

Enterprise

Affected products

Brickcom

100ap Device Firmware Fb-100ap Md-100ap Ob-100ae Osd-040e Wcb-100ap Wfb-100ap

Product	Vendor	Status
100ap_device_firmware	*	Tracked
fb-100ap	*	Tracked
md-100ap	*	Tracked
ob-100ae	*	Tracked
osd-040e	*	Tracked
wcb-100ap	*	Tracked
wfb-100ap	*	Tracked

Source databases

CVE