Information Disclosure in Vivotek PT7135 IP Camera
CVE-2013-1594

7.5HIGH

Key Information:

Vendor

Vivotek

Status
Pt7135 Firmware
Vendor
CVE Published:
24 January 2020

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 22%

What is CVE-2013-1594?

The Vivotek PT7135 IP Camera, in versions 0300a and 0400a, discloses sensitive information through a GET request. This flaw arises from the insecure storage of wireless keys and third-party credentials in clear text, allowing potential attackers to exploit the system and access confidential data without authentication.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-1594 - Proof of Concept

References

http://www.securityfocus.com/bid/59572
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/83943
x_refsource_MISC
http://www.exploit-db.com/exploits/25139
x_refsource_MISC

EPSS Score

22% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.