Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Brickcom |
|
Configuration 1 [-]
| AND |
|
No data.
References
| Link | Providers |
|---|---|
| http://seclists.org/fulldisclosure/2013/Jun/84 |
|
History
Tue, 04 Mar 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Brickcom
Brickcom 100ap Device Firmware Brickcom fb-100ap Brickcom md-100ap Brickcom ob-100ae Brickcom osd-040e Brickcom wcb-100ap Brickcom wfb-100ap |
|
| CPEs | cpe:2.3:h:brickom:md-100ap:-:*:*:*:*:*:*:* cpe:2.3:h:brickom:ob-100ae:-:*:*:*:*:*:*:* cpe:2.3:h:brickom:osd-040e:-:*:*:*:*:*:*:* cpe:2.3:h:brickom:wcb-100ap:-:*:*:*:*:*:*:* cpe:2.3:h:brickom:wfb-100ap:-:*:*:*:*:*:*:* cpe:2.3:o:brickom:100ap_device_firmware:*:*:*:*:*:*:*:* |
cpe:2.3:h:brickcom:fb-100ap:-:*:*:*:*:*:*:* cpe:2.3:h:brickcom:md-100ap:-:*:*:*:*:*:*:* cpe:2.3:h:brickcom:ob-100ae:-:*:*:*:*:*:*:* cpe:2.3:h:brickcom:osd-040e:-:*:*:*:*:*:*:* cpe:2.3:h:brickcom:wcb-100ap:-:*:*:*:*:*:*:* cpe:2.3:h:brickcom:wfb-100ap:-:*:*:*:*:*:*:* cpe:2.3:o:brickcom:100ap_device_firmware:*:*:*:*:*:*:*:* |
| Vendors & Products |
Brickom
Brickom 100ap Device Firmware Brickom fb-100ap Brickom md-100ap Brickom ob-100ae Brickom osd-040e Brickom wcb-100ap Brickom wfb-100ap |
Brickcom
Brickcom 100ap Device Firmware Brickcom fb-100ap Brickcom md-100ap Brickcom ob-100ae Brickcom osd-040e Brickcom wcb-100ap Brickcom wfb-100ap |
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-17T03:38:30.242Z
Reserved: 2013-05-29T00:00:00Z
Link: CVE-2013-3689
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-10-04T23:55:03.970
Modified: 2025-03-04T19:48:23.663
Link: CVE-2013-3689
Redhat
No data.