Intrusion PreventionD-Link.IP.Cameras.rtpd.CGI.OS.Command.Injection
Description
This indicates an attack attempt to exploit a remote Command Execution vulnerability in D-Link IP Cameras.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when parsing crafted HTTP requests. A remote attacker may be able to exploit this to execute arbitrary OS commands within the context of the application, via a crafted HTTP request.
Affected Products
DCS-3411/3430 - firmware v1.02
DCS-5605/5635 - v1.01
DCS-1100L/1130L - v1.04
DCS-1100/1130 - v1.03
DCS-1100/1130 - v1.04_US
DCS-2102/2121 - v1.05_RU
DCS-3410 - v1.02
DCS-5230 - v1.02
DCS-5230L - v1.02
DCS-6410 - v1.00
DCS-7410 - v1.00
DCS-7510 - v1.00
WCS-1100 - v1.02
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://www.dlink.com/us/en/support
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
References
http://www.exploit-db.com/exploits/25138/| ID | 35338 |
| Created | May 22, 2013 |
| Updated | Mar 02, 2018 |
| Risk |
|
| CVE ID | CVE-2013-1599 |
| Exploit Prediction Score | 91.56% |
| Default Action | drop |
| Active | |
| Affected OS | Other |
| Affected App | Other |