Zavio IP Cameras Multiple Vulnerabilities Network Vulnerability

Summary

Zavio IP Cameras are prone to multiple vulnerabilities. 1. [CVE-2013-2567] to bypass user web interface authentication using hard-coded credentials. 2. [CVE-2013-2568] to execute arbitrary commands from the administration web interface. This flaw can also be used to obtain all credentials of registered users. 3. [CVE-2013-2569] to access the camera video stream. 4. [CVE-2013-2570] to execute arbitrary commands from the administration web interface (post authentication only). Zavio IP Cameras running firmware version 1.6.03 and below are vulnerable.

References

http://www.coresecurity.com/advisories/zavio-IP-cameras-multiple-vulnerabilities
http://www.securityfocus.com/bid/60188
http://www.securityfocus.com/bid/60189
http://www.securityfocus.com/bid/60190
http://www.securityfocus.com/bid/60191

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2567, CVE-2013-2568, CVE-2013-2569, CVE-2013-2570

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
AstroSPACES profile.php SQL Injection Vulnerability
Apple Safari RSS Feed Information Disclosure Vulnerability
Assesi 'bg' Parameter SQL Injection vulnerability
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability

Take action and discover your vulnerabilities