Summary
Zavio IP Cameras are prone to multiple vulnerabilities.
1. [CVE-2013-2567] to bypass user web interface authentication using hard-coded credentials.
2. [CVE-2013-2568] to execute arbitrary commands from the administration web interface. This flaw can also be used to obtain all credentials of registered users.
3. [CVE-2013-2569] to access the camera video stream.
4. [CVE-2013-2570] to execute arbitrary commands from the administration web interface (post authentication only).
Zavio IP Cameras running firmware version 1.6.03 and below are vulnerable.
References
Severity
Classification
-
CVE CVE-2013-2567, CVE-2013-2568, CVE-2013-2569, CVE-2013-2570 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Athena Web Registration remote command execution flaw
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- Artmedic Kleinanzeigen File Inclusion Vulnerability
- AjaxPortal 'di.php' File Inclusion Vulnerability
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability