CVE-2013-1594

HIGH

Vivotek PT7135 Firmware 0300a/0400a - Cleartext Credential Storage Exposes Sensitive Information

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1594. PoCs published by Core Security.

AI-analyzed exploit summary The provided code includes multiple proof-of-concept exploits for Vivotek IP cameras, covering vulnerabilities such as information leaks, buffer overflows, RTSP authentication bypass, and command injection. The exploits are written in Python and target specific firmware versions of Vivotek PT7135 IP cameras.

Description

An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappshardware

https://www.exploit-db.com/exploits/25139

View Code ZIP pw:eip

The provided code includes multiple proof-of-concept exploits for Vivotek IP cameras, covering vulnerabilities such as information leaks, buffer overflows, RTSP authentication bypass, and command injection. The exploits are written in Python and target specific firmware versions of Vivotek PT7135 IP cameras.

Classification

Working Poc 95%

Attack Type

Rce | Info Leak | Auth Bypass | Dos

Complexity

Moderate

Reliability

Reliable

Target: Vivotek PT7135 IP camera with firmware 0300a and 0400a

No auth needed

Prerequisites: Network access to the target IP camera · Knowledge of the target IP address

MITRE ATT&CK