Airlive.IP.Camera.usrgrp.CGI.CSRF

description-logoDescription

This indicates an attack attempt against a Cross-site request forgery (CSRF) vulnerability in Airlive Ip Camera.
This issue is caused by an error when handling the add action requests sent to /cgi-bin/admin/usrgrp.cgi. It allows a remote attacker to create an alternative user with administration credentials on vulnerable systems via a crafted http request.

affected-products-logoAffected Products

AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD

Impact logoImpact

Information Disclosure: Remote attacker can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)