Jonás Ropero Castillo - Security Researcher - Exploit Intelligence Platform

CVE-2013-3540 EXPLOITDB WORKING POC

Ovislink Airlive Od-2025hd - CSRF

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.

View Code

CVE-2013-3541 EXPLOITDB WORKING POC

Ovislink Airlive Wl2600cam - Path Traversal

Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePath parameter.

View Code

CVE-2013-3686 EXPLOITDB WRITEUP

Ovislink Airlive Wl2600cam - Access Control

cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action.

View Code

CVE-2013-3687 EXPLOITDB WRITEUP

Ovislink Airlive Od-2025hd - Cryptographic Issue

AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file.

View Code

CVE-2013-3691 EXPLOITDB HIGH text WORKING POC

Ovislink Airlive Poe2600hd Firmware - Denial of Service

AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.

CVSS 7.5

View Code