CVE-2013-1391

HIGH

Huntcctv Dvr-04ch Firmware - Authentication Bypass

Title source: rule

Description

Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Alejandro Ramos · textremotemultiple

https://www.exploit-db.com/exploits/38248

View Code ZIP pw:eip

metasploit WORKING POC

by Alejandro Ramos, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html

[Third Party Advisory] https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure

[Exploit, Third Party Advisory, VDB Entry] https://www.securityfocus.com/bid/57579/info

Scores

CVSS v3 7.5

EPSS 0.8715

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-287

Status published

Products (20)

capturecctv/cdr_0410ve_firmware

capturecctv/cdr_0820vde_firmware

hachi/hv-04rd_pro_firmware

hachi/hv-08rd_pro_firmware

huntcctv/dr6-704a4h_firmware

huntcctv/dr6-708a4h_firmware

huntcctv/dr6-7316a4h_firmware

huntcctv/dr6-7316a4hl_firmware

huntcctv/dvr-04ch_firmware

huntcctv/dvr-04nc_firmware

... and 10 more

Published Oct 30, 2019

Tracked Since Feb 18, 2026