CVE-2013-1605

MayGion IP Camera Firmware < 2013.04.22 (05.53) - Remote Code Execution via Long Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1605. PoCs published by Core Security.

AI-analyzed exploit summary The exploit demonstrates a path traversal vulnerability (CVE-2013-1604) to leak credentials and a buffer overflow (CVE-2013-1605) to achieve arbitrary code execution in MayGion IP cameras. Both PoCs are simple HTTP requests triggering the vulnerabilities without authentication.

Description

Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappshardware

https://www.exploit-db.com/exploits/25813

View Code ZIP pw:eip

The exploit demonstrates a path traversal vulnerability (CVE-2013-1604) to leak credentials and a buffer overflow (CVE-2013-1605) to achieve arbitrary code execution in MayGion IP cameras. Both PoCs are simple HTTP requests triggering the vulnerabilities without authentication.

Classification

Working Poc 90%

Attack Type

Rce | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MayGion IP cameras firmware v09.27 and below

No auth needed

Prerequisites: Network access to the vulnerable IP camera

MITRE ATT&CK