CVE-2013-2579 - TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before be

CVE-2013-2579

Summary

TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session.

References

http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras

Vulnerable Configurations

cpe:2.3:h:tp-link:tl-sc3130:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-sc3130:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-sc3130g:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-sc3130g:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-sc3171:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-sc3171:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-sc3171g:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-sc3171g:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:lm_firmware:1.6.18p12_sign5:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:lm_firmware:1.6.18p12_sign5:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 15-10-2013 - 14:11)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc

http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras

Last major update

15-10-2013 - 14:11

Published

11-10-2013 - 21:55

Last modified

15-10-2013 - 14:11