CVE-2013-1598

HIGH

Vivotek PT7135 Firmware 0300a and 0400a - OS Command Injection via system.ntp Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1598. PoCs published by Core Security.

AI-analyzed exploit summary The provided code includes multiple proof-of-concept exploits for Vivotek IP cameras, covering vulnerabilities such as information leaks, buffer overflows, RTSP authentication bypass, and command injection. The exploits are written in Python and target specific firmware versions of Vivotek PT7135 IP cameras.

Description

A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappshardware

https://www.exploit-db.com/exploits/25139

View Code ZIP pw:eip

The provided code includes multiple proof-of-concept exploits for Vivotek IP cameras, covering vulnerabilities such as information leaks, buffer overflows, RTSP authentication bypass, and command injection. The exploits are written in Python and target specific firmware versions of Vivotek PT7135 IP cameras.

Classification

Working Poc 95%

Attack Type

Rce | Info Leak | Auth Bypass | Dos

Complexity

Moderate

Reliability

Reliable

Target: Vivotek PT7135 IP camera with firmware 0300a and 0400a

No auth needed

Prerequisites: Network access to the target IP camera · Knowledge of the target IP address

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/bid/59575

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/83946

Exploit, Third Party Advisory x_refsource_misc

https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities

Exploit, Third Party Advisory x_refsource_misc

https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt

Third Party Advisory, VDB Entry x_refsource_misc

https://packetstormsecurity.com/files/cve/CVE-2013-1598

Scores

CVSS v3 8.8

EPSS 0.2046

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

vivotek/pt7135_firmware 0300a

vivotek/pt7135_firmware 0400a

Published Jan 24, 2020

Tracked Since Feb 18, 2026