Eliezer Varadé Lopez - Security Researcher - Exploit Intelligence Platform

CVE-2013-3540 EXPLOITDB WORKING POC

AirLive OD-2025HD OD-2060HD POE100HD POE200HD POE250HD POE2600HD - Cross-Site Request Forgery in User Group Management

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.

View Code

CVE-2013-3541 EXPLOITDB WORKING POC

AirLive WL2600CAM - Path Traversal via fileread READ.filePath Parameter

Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePath parameter.

View Code

CVE-2013-3686 EXPLOITDB WRITEUP

AirLive WL2600CAM - Information Disclosure via CGI Operator Param

cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action.

View Code

CVE-2013-3687 EXPLOITDB WRITEUP

Ovislink Airlive Od-2025hd - Cryptographic Issue

AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file.

View Code

CVE-2013-3691 EXPLOITDB HIGH text WORKING POC

AirLive POE-2600HD Firmware - Denial of Service via Long URL

AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.

CVSS 7.5

View Code