CVE-2013-3689

EUVD-2013-3622
Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
brickcom100ap_device_firmware
𝑥
≤ 3.0.6.16c1
brickcomfb-100ap
-
brickcommd-100ap
-
brickcomob-100ae
-
brickcomosd-040e
-
brickcomwcb-100ap
-
brickcomwfb-100ap
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2013/Jun/84
http://seclists.org/fulldisclosure/2013/Jun/84