Improper Access Control in TP-Link IP Cameras
CVE-2013-3688

Currently unrated

Key Information:

Vendor: Tp-link
Status: Tl-sc3130; Tl-sc3130g; Tl-sc3171; Tl-sc3171g
Vendor: CVE Published:; 1 October 2013

Summary

The affected TP-Link IP Cameras models lack sufficient restrictions on certain administrative functions, potentially allowing remote attackers to execute commands that can lead to denial of service scenarios. Attackers may exploit this vulnerability by sending specially crafted requests to endpoints such as cgi-bin/reboot for simple device reboots or cgi-bin/hardfactorydefault to reset the device to factory settings, compromising the security and functionality of the device.

References

http://seclists.org/fulldisclosure/2013/Jun/84

mailing-listx_refsource_FULLDISC

http://www.coresecurity.com/advisories/multiple-vulnerabi...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 1, 2013