|
Description
|
|
A security issue has been reported in AirLive WL-2600CAM IP Camera, which can be exploited by malicious users to bypass certain security restrictions.
The security issue is caused due to an error when handling HTTP GET requests to cgi-bin/operator/param?action=list&group=General.UserID, which can be exploited to bypass certain access restrictions and subsequently e.g. gain knowledge of the administrative user's credentials.
Successful exploitation requires "operator" permissions.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable OS:
AirLive WL-2600CAM IP CameraVulnerable Software:
|
|
|
|
|
|
Solution
|
|
No official solution is currently available.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
http://packetstormsecurity.com/files/122001/Airlive-CSRF-Traversal-Disclosure-Denial-Of-Service.html
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
