Airlive.IP.Camera.usrgrp.CGI.CSRF
Description
This indicates an attack attempt against a Cross-site request forgery (CSRF) vulnerability in Airlive Ip Camera.
This issue is caused by an error when handling the add action requests sent to /cgi-bin/admin/usrgrp.cgi. It allows a remote attacker to create an alternative user with administration credentials on vulnerable systems via a crafted http request.
Affected Products
AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD
Impact
Information Disclosure: Remote attacker can gain sensitive information from vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |