Nahuel Riva

23 exploits Active since Aug 2010
CVE-2013-2568 EXPLOITDB CRITICAL WRITEUP
Zavio IP Cameras <1.6.3 - Command Injection
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
CVSS 9.8
CVE-2013-2569 EXPLOITDB HIGH WRITEUP
Zavio IP Cameras <1.6.3 - Auth Bypass
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.
CVSS 7.5
CVE-2013-1595 EXPLOITDB CRITICAL WORKING POC
Vivotek PT7135 Firmware 0300a and 0400a - Buffer Overflow via RTSP Authorization Header
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
CVSS 9.8
CVE-2013-1596 EXPLOITDB MEDIUM WORKING POC
Vivotek PT7135 Firmware 0300a and 0400a - Authentication Bypass via RTSP Packet
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.
CVSS 5.3
CVE-2013-1597 EXPLOITDB MEDIUM WORKING POC
Vivotek PT7135 Firmware 0300a and 0400a - Path Traversal via GET Request
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.
CVSS 6.5
CVE-2013-1600 EXPLOITDB MEDIUM WRITEUP
D-Link DCS-2102 and DCS-2121 Firmware - Authentication Bypass via UPnP ASF-MP4 Streaming
An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information.
CVSS 5.3
CVE-2013-1601 EXPLOITDB MEDIUM WRITEUP
D-Link DCS and WCS Firmware - Unauthenticated Information Disclosure via lums.cgi
An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03, which could let a malicious user obtain sensitive information. which could let a malicious user obtain sensitive information.
CVSS 5.3
CVE-2013-1602 EXPLOITDB HIGH WRITEUP
D-Link DCS-3411 and Multiple Camera Firmware - Unauthenticated Information Disclosure via RTSP Session Cookie
An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.
CVSS 7.5
CVE-2013-1604 EXPLOITDB text WORKING POC
MayGion IP Camera Firmware < 09.27 - Path Traversal via Default URI
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
CVE-2013-1599 EXPLOITDB CRITICAL text WRITEUP
Dlink Dcs-3411 Firmware - OS Command Injection
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.
CVSS 9.8
CVE-2013-1594 EXPLOITDB HIGH text WORKING POC
Vivotek PT7135 Firmware 0300a/0400a - Cleartext Credential Storage Exposes Sensitive Information
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
CVSS 7.5
CVE-2013-2572 EXPLOITDB HIGH text WRITEUP
TP-LINK TL-SC 3130, TL-SC 3130G, TL-SC 3171G, TL-SC 4171G < 1.6.18p12 - Security Bypass via Hard-coded Credentials
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.
CVSS 7.5
CVE-2013-2567 EXPLOITDB HIGH text WRITEUP
Zavio IP Cameras <1.6.03 - Auth Bypass
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
CVSS 7.5
CVE-2010-2709 METASPLOIT ruby WORKING POC
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
CVE-2010-2709 EXPLOITDB text WORKING POC
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
CVE-2010-2709 EXPLOITDB ruby WORKING POC
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
CVE-2013-1598 EXPLOITDB HIGH text WORKING POC
Vivotek PT7135 Firmware 0300a and 0400a - OS Command Injection via system.ntp Parameter
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
CVSS 8.8
CVE-2013-2570 EXPLOITDB CRITICAL text WRITEUP
Zavio IP Cameras <1.6.3 - Command Injection
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.
CVSS 9.8
CVE-2015-2279 EXPLOITDB CRITICAL text WORKING POC
AirLive BU-2015, BU-3026, and MD-3025 - OS Command Injection via cgi_test.cgi Parameters
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter.
CVSS 9.8
CVE-2013-2573 EXPLOITDB CRITICAL text WRITEUP
TP-Link IP Camera - Command Injection
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
CVSS 9.8
CVE-2013-1605 EXPLOITDB text WORKING POC
MayGion IP Camera Firmware < 2013.04.22 (05.53) - Remote Code Execution via Long Filename
Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request.
CVE-2013-1603 EXPLOITDB MEDIUM text WRITEUP
D-Link DCS and WCS Firmware - Unauthenticated Remote Access via Hard-coded Credentials
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.
CVSS 5.3
CVE-2015-2280 EXPLOITDB HIGH text WRITEUP
AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP Firmware - Authenticated OS Command Injection via mac Parameter
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.
CVSS 8.8