CVE-2013-1391

Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huntcctv:dvr-04ch_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:dvr-04ch:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huntcctv:dvr-04nc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:dvr-04nc:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:huntcctv:dvr-08ch_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:dvr-08ch:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:huntcctv:dvr-08nc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:dvr-08nc:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:huntcctv:dvr-16ch_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:dvr-16ch:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:huntcctv:dr6-704a4h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:dr6-704a4h:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:huntcctv:dr6-708a4h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:dr6-708a4h:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:huntcctv:dr6-7316a4h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:dr6-7316a4h:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:huntcctv:dr6-7316a4hl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:dr6-7316a4hl:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:huntcctv:hdr-04kd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:hdr-04kd:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:huntcctv:hdr-08kd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huntcctv:hdr-08kd:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:capturecctv:cdr_0410ve_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:capturecctv:cdr_0410ve:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:capturecctv:cdr_0820vde_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:capturecctv:cdr_0820vde:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:hachi:hv-04rd_pro_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hachi:hv-04rd_pro:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:hachi:hv-08rd_pro_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hachi:hv-08rd_pro:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:novuscctv:nv-dvr1204_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:novuscctv:nv-dvr1204:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:novuscctv:nv-dvr1208_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:novuscctv:nv-dvr1208:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:novuscctv:nv-dvr1216_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:novuscctv:nv-dvr1216:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:vsp:tw-dvr604_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:vsp:tw-dvr604:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:vsp:tw-dvr616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:vsp:tw-dvr616:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:49

Type Values Removed Values Added
References () http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html - Exploit, Third Party Advisory () http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html - Exploit, Third Party Advisory
References () https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure - Third Party Advisory () https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure - Third Party Advisory
References () https://www.securityfocus.com/bid/57579/info - Exploit, Third Party Advisory, VDB Entry () https://www.securityfocus.com/bid/57579/info - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2019-10-30 21:15

Updated : 2024-11-21 01:49


NVD link : CVE-2013-1391

Mitre link : CVE-2013-1391

CVE.ORG link : CVE-2013-1391


JSON object : View

Products Affected

huntcctv

  • dr6-7316a4h
  • dvr-04ch_firmware
  • dvr-04ch
  • dr6-704a4h
  • dr6-7316a4hl
  • dr6-708a4h_firmware
  • hdr-08kd_firmware
  • hdr-04kd_firmware
  • dr6-704a4h_firmware
  • dr6-7316a4h_firmware
  • dr6-708a4h
  • dvr-08nc
  • hdr-04kd
  • dr6-7316a4hl_firmware
  • dvr-04nc
  • dvr-16ch_firmware
  • hdr-08kd
  • dvr-08ch
  • dvr-08ch_firmware
  • dvr-16ch
  • dvr-08nc_firmware
  • dvr-04nc_firmware

novuscctv

  • nv-dvr1208_firmware
  • nv-dvr1204_firmware
  • nv-dvr1208
  • nv-dvr1204
  • nv-dvr1216
  • nv-dvr1216_firmware

hachi

  • hv-04rd_pro_firmware
  • hv-04rd_pro
  • hv-08rd_pro
  • hv-08rd_pro_firmware

capturecctv

  • cdr_0820vde_firmware
  • cdr_0410ve
  • cdr_0820vde
  • cdr_0410ve_firmware

vsp

  • tw-dvr616
  • tw-dvr604_firmware
  • tw-dvr604
  • tw-dvr616_firmware
CWE
CWE-287

Improper Authentication